Security News > 2021 > January > CISA Warns Organizations About Attacks on Cloud Services
In light of successful cyberattacks targeting organizations' cloud services, the U.S. Cybersecurity and Infrastructure Security Agency has published a series of recommendations on how businesses can improve their cloud security.
The attacks observed by CISA exploit poor cyber hygiene practices within cloud services configurations, and the agency says the activity is not tied to a specific threat actor or the recent SolarWinds attack.
Thus, the recommended mitigations apply to all organizations looking to ensure their cloud services are better protected from cyberattacks.
CISA notes that the recommendations are based on CISA incident response engagements and that the observed attacks frequently involved telework that leveraged a mixture of corporate laptops and personal devices for access to cloud services.
"Despite the use of security tools, affected organizations typically had weak cyber hygiene practices that allowed threat actors to conduct successful attacks," CISA notes.
To mitigate cyberattacks targeting their cloud services, organizations are advised to implement conditional access policies, establish a baseline for normal network activity, review logs, enforce MFA, review user-created email forwarding rules and alerts, establish a mitigation plan, secure privileged access, prohibit personal devices at work, audit email rules, ensure users consent only to app integrations that have been pre-approved, and adopt a zero-trust mindset.
News URL
Related news
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- CISA warns of Jenkins RCE bug exploited in ransomware attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)