CISA Says Threat Actors Bypassed MFA to Access Cloud Service Accounts

22
CISA Says Threat Actors Bypassed MFA

The US Cybersecurity and Infrastructure Security Agency (CISA) reveals that hackers bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts.

The cyber security agency said on Wednesday, “CISA is aware of several recent successful cyber-attacks against various organizations’ cloud services. The cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a ‘pass-the-cookie’ attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices.”

CISA says hackers could defeat MFA authentication protocols as part of a ‘pass the cookie’ attack where attackers hijack an already authenticated session using stolen session cookies to log into web apps or online services.

To Read More:  BleepingComputer