Hackers Bypassing MFA To Access Cloud Accounts, Warns CISA

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of a worrying development: hackers are exploiting poor cyber hygiene practices within victims’ cloud services configurations.

Indeed, CISA warned on Wednesday that hackers are bypassing multi-factor authentication (MFA) protocols in order to compromise cloud accounts.

The warning comes after outgoing US President Donald Trump in November fired Chris Krebs, the widely respected CISA director, after he disagreed publicly with Trump’s allegation of voter fraud.

MFA bypass

This week, however, CISA has warned that hackers are increasingly targeting corporate and personal laptops with phishing, brute force login attempts and possibly a “pass-the-cookie” attack to access cloud accounts.

“CISA is aware of several recent successful cyberattacks against various organisations’ cloud services,” said the federal agency. “Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices.”

“In response, CISA has released Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services which provides technical details and indicators of compromise to help detect and respond to potential attacks,” it added.

According to CISA, some hackers have spoofed file hosting services and other legitimate vendors in phishing emails in order to harvest log-ins. They then use those hijacked accounts to phish others in the organisation.

And although MFA has thwarted some attempts to brute force accounts, in at least one incident the hackers were able to sign into a user’s account even though the target had MFA enabled.

CISA warned the hackers were able to defeat MFA protocols as part of a ‘pass-the-cookie’ attack.

This involves hackers hijacking an already-authenticated session: a stolen session cookie, issued after the legitimate user completed MFA, is replayed to log into online services or web apps without the attacker ever facing the MFA prompt.
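To show why a replayed cookie sidesteps MFA, and one server-side mitigation, here is an added example that is not code from CISA, F-Secure or this article. It assumes an in-memory session store and binds each session to a hypothetical client fingerprint built from IP address and User-Agent; a naive check and a context-bound check are shown side by side.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory session store: cookie value -> session record.
SESSIONS = {}

def client_fingerprint(ip, user_agent):
    """Hash of the client attributes a session is bound to (hypothetical choice of attributes)."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()

def login(user, ip, user_agent, mfa_ok, now, ttl=3600):
    """Issue a session cookie only after password and MFA succeed. MFA is checked here, once."""
    if not mfa_ok:
        return None
    cookie = secrets.token_urlsafe(32)
    SESSIONS[cookie] = {
        "user": user,
        "fp": client_fingerprint(ip, user_agent),
        "expires": now + ttl,
    }
    return cookie

def authorize_naive(cookie, ip, user_agent, now):
    """Weak check: any valid, unexpired cookie is accepted regardless of where it comes from.
    A cookie stolen from the user's browser therefore replays the completed MFA step."""
    s = SESSIONS.get(cookie)
    if s is None or now > s["expires"]:
        return None
    return s["user"]

def authorize_bound(cookie, ip, user_agent, now):
    """Hardened check: the cookie must also arrive from the client context it was issued to.
    A mismatch is treated as a suspected pass-the-cookie event and the session is revoked,
    forcing a fresh login (including MFA) for the real user."""
    s = SESSIONS.get(cookie)
    if s is None or now > s["expires"]:
        return None
    if not hmac.compare_digest(s["fp"], client_fingerprint(ip, user_agent)):
        SESSIONS.pop(cookie, None)
        return "SUSPECTED_SESSION_HIJACK"
    return s["user"]
```

Binding to the source IP produces false positives for roaming or NAT-ed clients, so real deployments combine weaker signals with short session lifetimes and a fresh MFA prompt before sensitive actions.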

Multi-layered security

The development has prompted some response from security experts.

“Cybersecurity is multi-layered and if some layers are misunderstood, misused, or neglected, one single vulnerability has the potential to cause disastrous consequences,” explained Tom Van de Wiele, principal consultant at F-Secure.

“The most common example is the use of Multi-Factor Authentication (MFA) by organisations to protect against phishing, where most MFA solutions are only effective against attacks such as password guessing, brute-forcing or credential stuffing,” added Van de Wiele.

“Knowing that applications and IT architectures consist of a lot of moving parts and are subject to constant change, regular testing for these kinds of scenarios as part of application and architecture-based security reviews and assessments is crucial to ensure that these scenarios cannot play out now or in the future,” he concluded.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
