The Feds are warning that cybercriminals are bypassing multi-factor authentication (MFA) and successfully attacking cloud services at various U.S. organizations.
According to an alert issued Wednesday by the Cybersecurity and Infrastructure Security Agency (CISA), there have been “several recent successful cyberattacks” focused on compromising the cloud. Most of the attacks are opportunistic, taking advantage of poor cloud cyber-hygiene and misconfigurations, according to the agency.
“These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services,” the alert outlined. “Despite the use of security tools, affected organizations typically had weak cyber-hygiene practices that allowed threat actors to conduct successful attacks.”
