The Cybersecurity and Infrastructure Security Agency (CISA) has issued an analysis report in response to cyber attacks on cloud services of various organizations. The agency also found that hackers take advantage of email forwarding rules created by users to gain access to sensitive data.
Threat actors used several techniques such as brute force login attempts, phishing and a “pass-the-cookie” attack to bypass multifactor authentication and exploit vulnerabilities in the organizations’ cloud security practices, CISA said in the report published Wednesday.
“These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services. Despite the use of security tools, affected organizations typically had weak cyber hygiene practices that allowed threat actors to conduct successful attacks,” the report reads.
CISA has recommended several measures to help organizations protect cloud environments, such as implementing conditional access policies, reviewing user-created email forwarding alerts and rules and assessing active directory sign-in logs and unified audit logs for malicious activity.