Cybersecurity threats are continuing to rise, and now federal officials are warning that some cybercriminals are bypassing multi-factor authentication (MFA), one of the first lines of defense against cyberattacks.
According to the Cybersecurity and Infrastructure Security Agency (CISA), there have been recent attacks focused on compromising the cloud, that were successful despite the use of security tools. CISA did, however, acknowledge that victims of these types of attacks typically had “weak cyber-hygiene practices,” such as not requiring the use of a VPN.
“Most of the attacks are opportunistic, taking advantage of poor cloud cyber-hygiene and misconfigurations,” the agency’s alert read. “These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services. Despite the use of security tools, affected organizations typically had weak cyber-hygiene practices that allowed threat actors to conduct successful attacks.”
The CISA also noted that phishing and a “pass-the-cookie” attack have been the primary methods for these cloud attacks. This method involves using browser cookies to store user authentication information so that the user stays signed in. The authentication information is then stored after the MFA verification, so the user isn’t prompted for another check.
Since the report just came out, MSPs have yet to respond. But one way they can bolster their cybersecurity efforts, according to experts, is to get “another pair of eyes” to make sure their networks are as clean as they expect them to be.
As cloud adoption is expected to further accelerate in the coming year, so too is cloud security. However, it is important that companies avoid the mindset that practices like MFA are enough to keep their data secure. Instead, experts recommend strong security awareness training so that all employees are aware of possible vulnerabilities and avenues for cyberattacks.