The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks.

According to an advisory published by CISA, an increasing number of attacks have succeeded as more employees have begun to work remotely with a variety of corporate laptops and personal devices during the COVID-19 pandemic.

CISA has observed attackers using a variety of techniques, including phishing and brute-force login attempts, to exploit human weaknesses and the security configuration of corporate cloud accounts.

In one case described in the advisory, an organisation did not require the use of a VPN to access its corporate network. The intentionally lax configuration, designed to make it easier for remote workers to reach systems, left the organisation’s network open to anyone through a brute-force login attack.

In other instances, malicious hackers were seen going after users’ cloud service account login credentials with phishing emails that claimed to link to a “secure message” hosted on a legitimate site, which required users to log in.

“After a targeted recipient provided their credentials, the threat actors then used the stolen credentials to gain initial access to the user’s cloud service account.”

“CISA observed the actors’ logins originating from foreign locations (although the actors could have been using a proxy or The Onion Router (Tor) to obfuscate their location). The actors then sent emails from the user’s account to phish other accounts within the organization. In some cases, these emails included links to documents within what appeared to be the organization’s file hosting service.”

Perhaps most interestingly of all, CISA warned that it had seen evidence that cybercriminals had successfully bypassed the highly-recommended security measure of multi-factor authentication.