CISA says it has verified that one of the users had their account breached even though they were using “proper multi-factor authentication (MFA).”
Last year, it was reported that threat actors had been using legitimate tools to compromise cloud-based assets. Now, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to alert remote workers using cloud accounts about a possible security breach.
According to CISA, cybercriminals have identified a way to bypass multi-factor authentication (MFA) and are now targeting cloud service accounts.
Hackers Bypassed MFA
On Wednesday, the US cybersecurity agency revealed in an official statement that there had been multiple successful cyberattacks against various organizations’ cloud services. CISA stated that attackers target personal and corporate laptops with brute-force and phishing attacks as well as a “pass-the-cookie” attack to gain access to cloud accounts.
Versatile Tactics Used to Hijack Cloud Accounts
According to CISA, the latest surge in cyberattacks against cloud services isn’t the work of a single threat actor or group, but the agency has identified several common tactics used in this campaign. For instance, attackers use spoofed versions of file hosting services or other legitimate vendors to obtain login information, and they hijack cloud accounts to phish other users in the organization.
“The cyber actors designed emails that included a link to what appeared to be a secure message and also emails that looked like a legitimate file hosting service account login. After a targeted recipient provided their credentials, the threat actors then used the stolen credentials to gain Initial Access [TA0001] to the user’s cloud ..