The Cybersecurity and Infrastructure Security Agency shared 21 bullet points—more for organizations using Microsoft’s Office 365—for diminishing the extent to which adversaries are taking advantage of challenging-to-secure cloud configurations.
The analysis CISA issued Wednesday draws on incidents the agency has responded to, in which indicators of compromise show threat actors effectively targeting organizations’ use of the cloud with techniques such as phishing.
While CISA has been responding to federal agencies and private-sector organizations dealing with the fallout from the hacking campaign associated with the compromise of software from IT management firm SolarWinds, the agency noted that the analysis is not explicitly related to that specific threat actor.
CISA “is aware of several recent successful cyberattacks against various organizations’ cloud services,” the analysis reads. “Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victims’ cloud services configuration.”
The term “cyber hygiene” is meant to capture the lowest-common-denominator things organizations can do to protect their systems from unauthorized access. But remote working conditions necessitated by the pandemic are raising that bar for organizations and highlighting the complexity involved in securely navigating cloud environments.
“These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services,” CISA said. “Despite the use of security tools, affected organizations typically had weak cyber hygiene practices that allowed threat actors to conduct successful attacks.”
Among the list of solutions are measures to protect against phishing. Organizations should “focus on awareness and training,” and ensure employees know how threats can be delivered through such scams, for example. CISA also advised organizations to “establish blame-f ..