Friday, January 15, 02:01
Home security CISA: Hackers bypassed the MFA to violate cloud service accounts!

CISA: Hackers bypassed the MFA to violate cloud service accounts!

CISA announced on January 13 that hackers bypassed the protocols Multi-factor authentication (MFA) to breach cloud service accounts. Specifically, its relevant announcement states the following: "CISA is aware of many recent successes cyber attacks aimed at services cloud of various organizations. The hackers involved in these attacks used a variety of techniques and tactics, including Phishing, of attempts Brute Force, and her "Pass-the-cookie" attack - seeking to exploit vulnerabilities in the victim's cloud security practices. "

CISA: Hackers bypassed the MFA to violate cloud service accounts!

According to BleepingComputer, the hackers tried to gain access to some of their target assets through brute-force attacks. However, they failed either because they could not guess correctly credentials or because the target organization had multi-factor authentication (MFA) enabled. In at least one case, hackers were able to successfully log in to a user account, even though the target had the MFA enabled.

According to CISA, hackers managed to bypass MFA authentication protocols as part of a "pass-the-cookie" attack. This is a type of attack in which attackers invade an already validated session, using stolen session cookies, to connect to online services or the web. applications.

CISA: Hackers bypassed the MFA to violate cloud service accounts!

The agency also noted that intruders used the initial post-phishing access to employee credentials to phishing others. accounts users in the same organization, abusing what looked like the organization's file hosting service to host their malicious attachments.

In other cases, the hackers modified or created promotional rules e-mail and search rules to steal sensitive and financial information from compromised email accounts.

In addition, the FBI warns agencies of fraudulent abuse of web-based email clients BEC (Business Email Compromise) attacks.


CISA also points out that this activity of violating cloud service accounts is not explicitly linked to the cybercriminals behind the attack on its supply chain Solarwinds or any other recent malicious activity.

The CISA attacks regularly target employees who use corporate or personal devices while accessing their organization's cloud services from home. Weak security practices were the main reason behind the success of the attacks.


CISA also provides compromise indicators, as well as tactics, techniques and procedures (TTPs) that can further help managers and security teams respond effectively to attacks targeting their organization and all its "assets". The service also suggests measures that organizations can take to enhance cloud security configurations and prevent attacks targeting their cloud services.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.



Why do scientists say AI hyperintelligence cannot be controlled?

AI artificial intelligence, which has come to overturn the data of humanity, has been the subject of debate for many decades. Now,...

iPhone vs Android: Which is best for you?

The battle between iPhone and Android will last forever. IOS (iPhone OS) and Android are the two ...

Owner of bitcoin exchange service arrested for money laundering

The owner of a Bulgarian bitcoin exchange service was sentenced to prison in the United States, for his involvement in fraud and providing ...

How to boot shortcuts from an Apple Watch Face

IPhone shortcuts help you automate tasks, no matter how simple or complex. But did you know that you can ...

The "New Pokémon Snap" is coming to the Nintendo Switch on April 30

Pokémon photographers better prepare, as "New Pokémon Snap" comes to the Nintendo Switch on April 30th. The release date ...

In 2020 the average price of a new car reached 33.000 euros

Among all that happened in 2020, car buyers and the car industry set another new record which we would not say ...

Qualcomm acquires NUVIA, faster processors are coming!

Qualcomm announced the acquisition of startup NUVIA. The deal is valued at $ 1,4 billion, Qualcomm said. The acquisition could ...

Telegram: 25 million new users in three days

Following the announcement of WhatsApp that it will share user data with Facebook, the encrypted Telegram messaging application saw an explosive ...

A huge flash scans the solar system after a powerful explosion!

The source of a huge flash that penetrated our solar system has been identified by scientists. The discovery of the flash will ...

The scientists analyzed the DNA of the anthropolytics

According to a new study published today in Nature, scientists have finally managed to analyze the DNA of antaroli - creatures ...