CISA Says Threat Actors Bypassed MFA to Access Cloud Service Accounts

56
CISA Says Threat Actors Bypassed MFA

The US Cybersecurity and Infrastructure Security Agency (CISA) reveals that hackers bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts.

The cyber security agency said on Wednesday, “CISA is aware of several recent successful cyber-attacks against various organizations’ cloud services. The cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a ‘pass-the-cookie’ attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices.”

Also Read: Challenges of Cloud Security in the Metaverse

CISA says hackers could defeat MFA authentication protocols as part of a ‘pass the cookie’ attack where attackers hijack an already authenticated session using stolen session cookies to log into web apps or online services.

To Read More:  BleepingComputer

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.