Threat Actors Bypassed MFA to Gain Access to Cloud Service Accounts

The United States Cybersecurity and Infrastructure Agency (CISA) has alerted the firms by stating that cyber attackers are bypassing multi-factor authentication (MFA) protocols to secure access to the cloud service accounts.
The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 6 cores and 12 processing threads bundled with the quiet AMD wraith stealth cooler max temps 95°C 4 2 G... read more
(as of February 24, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 12 cores and 24 processing threads, bundled with the AMD Wraith Prism cooler with color controlled LED ... read more
(as of February 24, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
AMD's fastest 8 core processor for mainstream desktop, with 16 procesing threads Can deliver elite 100+ FPS performance in the world's most popular games Cooler not included, high-performance cooler recommended 4.7 GHz Max Boost, unlocked for overclo... read more
(as of February 24, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Threat actors often use username and password combinations while targeting the organizations but hackers usually are unsuccessful in doing so due to an enabled multi-factor authentication by an organization. CISA said, threat actors successfully gained access to a user’s account despite MFA being enabled, at one instance, in this incident the hackers may have used browser cookies to bypass MFA.
The threat actors use stolen cookies to gain access to web applications or online services and take control over an authenticated session. CISA noticed that cyber attackers are taking benefits of email forwarding protocols by storing critical information regarding the user’s personal email accounts.
CISA stated in the report that “in one case, we determined that the threat actors modified an existing email rule on a use’s account-originally set by the user to forward emails sent from a certain sender to a personal account-to redirect the emails to an account controlled by the actors. The threat actors updated the rule to forward all email to the threat actors’ accounts”.
Threat actors also designed new mailbox regulations, which were created to send specific messages to the users. These messages contained specific phishing related keywords and these messages were transmitted by using Really Simple Syndication (RSS) feeds or RSS subscription folders to keep users from being alerted. CISA also clarified that this data breach has no link to the SolarWinds supply chain attack.
While explaining further, CISA told, “recommended mitigations for organizations to strengthen their cloud environment configuration to protect against, detect and respond to potential attacks”. These recommendations also include tactics, techniques, and procedures (TTPs) which will provide assistance to the security teams to counter the attacks by threat actors on their organizations.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.