CISA Says Threat Actors Bypassed MFA to Access Cloud Service Accounts

CISA Says Threat Actors Bypassed MFA

The US Cybersecurity and Infrastructure Security Agency (CISA) reveals that hackers bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts.

The cyber security agency said on Wednesday, “CISA is aware of several recent successful cyber-attacks against various organizations’ cloud services. The cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a ‘pass-the-cookie’ attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices.”

Also Read: Challenges of Cloud Security in the Metaverse

CISA says hackers could defeat MFA authentication protocols as part of a ‘pass the cookie’ attack where attackers hijack an already authenticated session using stolen session cookies to log into web apps or online services.

To Read More:  BleepingComputer

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.