

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency today issued a warning concerning several recent cyberattacks targeting various cloud services.
The report states that threat actors are using phishing and other vectors to exploit poor cybersecurity hygiene practices within a victim’s cloud services configuration. The attacks are said to have occurred when employees were working remotely and using a mixture of corporate laptops and personal devices to access corporate cloud services.
“Despite the use of security tools, affected organizations typically had weak cyber hygiene practices that allowed threat actors to conduct successful attacks,” CISA noted.
Along with phishing, in which employees are targeted with fake emails that pose as official messages and contain malicious links, other attack vectors include threat actors collecting sensitive information by taking advantage of forwarding rules. In one case, CISA verified that threat actors signed into a user’s account with multifactor authentication, possibly using browser cookies to defeat MFA with a so-called “pass-the-cookie” attack.
The fact that attackers were able to bypass MFA also gained the attention of security experts. Tim Wade, technical director of the CTO Team at artificial intelligence cybersecurity company Vectra AI Inc., told SiliconANGLE that despite CISA recommendations to enable MFA on all users, without exception, MFA bypass was observed to be part of this attack.
“The malicious use of electronic discovery continues to be highlighted as a technique employed by threat actors and organizations must ensure they’re prepared to identify when eDiscovery tools are abused,” Wade said. “Mail-forwarding, as simple as it sounds, continues to evade security teams as an exfiltration and collection method. On a practical level, the guidance to baseline an organization’s traditional IT and cloud networks is infeasible in practice without the use of AI and Machine Learning techniques.”
Discussing the phishing aspect, Brendan O’Connor, co-founder and chief executive of security posture management platform provider AppOmni Inc., noted that the best way to address that problem remains ensuring two-step authentication is enabled comprehensively and consistently.
“The more dangerous and stealthy threat is when attackers find data that has been unintentionally exposed to the world,” O’Connor added. “You don’t need to steal a user’s password if a misconfiguration or exposed application programming interface grants the entire internet access to your sensitive data.”