NSA Warns of Hacking Tactics That Target Cloud Resources
Healthcare Info Security
The U.S. National Security Agency has issued a warning about two hacking techniques that could allow threat actors to access cloud resources by bypassing authentication mechanisms.
The warning comes after a week's worth of revelations over the SolarWinds breach that has affected government agencies as well as corporations, including Microsoft, FireEye, Intel and Nvida (see: SolarWinds Hack: Lawmakers Demand Answers).
Secretary of State Mike Pompeo, commenting on the breach, said in a Friday evening radio interview that "the Russians engaged in this activity."
"I can't say much more as we're still unpacking precisely what it is, and I'm sure some of it will remain classified," Pompeo said, according to a transcript provided by the State Department. "But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems, and it now appears systems of private companies and companies and governments across the world as well. This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity."
In a pair of tweets...