CISA: Poor Cyber Hygiene Exploited to Compromise Cloud Security Services
Health IT Security
Threat actors are successfully exploiting organizations with poor cyber hygiene to compromise cloud security services, according to a new Department of Homeland Security Cybersecurity and Infrastructure Security Agency alert.
CISA is aware of multiple, recent cyberattacks against a range of enterprise cloud services. Hackers are leveraging various tactics and techniques, such as phishing attacks and brute force login attempts, in an effort to exploit weaknesses in cloud security practices.
It’s also possible the threat actors are using “pass-the-cookie” attacks to exploit weaknesses. These attacks are typically launched within the Active Directory domain.
When an entity employs multi-factor authentication on top of web applications, the user is prompted to...