UK’s NCSC Issues Warning as SVR Hackers Target Cloud Services

2024-03-01 20:15

Russian state hackers are adapting their techniques to target organizations moving to the cloud, an advisory from the UK National Cyber Security Centre and international security agencies has warned.

The advisory details how cyber espionage group APT29 is directly targeting weaknesses in cloud services used by victim organizations to gain initial access to their systems.

The advisory urges organizations to address common vulnerabilities in their cloud environments by removing dormant accounts, enabling multi-factor authentication and creating canary accounts to monitor for suspicious activity.

"Service accounts are often also highly privileged depending on which applications and services they're responsible for managing. Gaining access to these accounts provides threat actors with privileged initial access to a network, to launch further operations."

Hackers who have access to a dormant account can get around any password resets enforced by an organization following a security breach, the advisory notes; they simply log into the dormant or inactive account and follow the password reset instructions.

"Business leaders must take cloud security seriously by investing in proper skills, tools and processes. They should ensure employees have cloud architecture and security training to avoid basic misconfigurations. They should also embrace the shared responsibility model, so they know exactly what falls within their purview."

News URL

https://www.techrepublic.com/article/ncsc-uk-svr-cyber-threat-actors/

#cloud #hacker #UK