Quote:The Feds are warning that cybercriminals are bypassing multi-factor authentication (MFA) and successfully attacking cloud services at various U.S. organizations.
According to an alert issued Wednesday by the Cybersecurity and Infrastructure Security Agency (CISA), there have been “several recent successful cyberattacks” focused on compromising the cloud. Most of the attacks are opportunistic, taking advantage of poor cloud cyber-hygiene and misconfigurations, according to the agency.
“These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services,” the alert outlined. “Despite the use of security tools, affected organizations typically had weak cyber-hygiene practices that allowed threat actors to conduct successful attacks.”
For instance, in one case, an organization did not require a virtual private network (VPN) for remote employees accessing the corporate network.
“Although their terminal server was located within their firewall, due to remote work posture, the terminal server was configured with port 80 open to allow remote employees to access it—leaving the organization’s network vulnerable [to brute-forcing],” CISA explained.
The agency also noted that phishing and possibly a “pass-the-cookie” attack have been the primary attack vectors for the cloud attacks.
Read more: https://threatpost.com/cloud-attacks-byp...ds/163056/
![[-]](https://www.geeks.fyi/images/collapse.png)
