CISA: Hackers bypassed MFA to access cloud service accounts
The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts.
"CISA is aware of several recent successful cyberattacks against various organizations’ cloud services," the cybersecurity agency said on Wednesday.
"The cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a 'pass-the-cookie' attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices."
Enabling MFA is not always enough
While threat actors tried gaining access to...