A new report by the Cybersecurity and Infrastructure Security Agency (CISA) revealed that cybercriminals have started to target various corporations and individuals with phishing, brute-force login attempts, and other attacks in order to gain access to cloud accounts.
These attacks don’t seem to be orchestrated by the same actor, but they share similar tactics. The attackers sent phishing emails that spoofed file hosting services and other legitimate vendors in order to harvest login credentials. They then used the compromised accounts to phish other members of the same organization.
Moreover, some attackers changed forwarding and keyword search rules in order to monitor email conversations with suppliers, as well as to hide phishing warnings.
Even where multi-factor authentication (MFA) is in place, these actors are able to get past it with browser cookies, in what could be called a ‘pass-the-cookie’ attack.
Coming not long after the SolarWinds hack, these cyberattacks are getting more widespread and sophisticated, becoming a very serious threat.
Hence, the report urges every organization to reinforce its cybersecurity and strengthen its infrastructure and cloud security practices. It also recommends that remote employees not use personal devices for work.
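
The mailbox rule changes described above (forwarding mail so conversations can be monitored, and keyword rules that hide phishing warnings) can be looked for in an export of users' mailbox rules. The Python below is an added example, not taken from the CISA report; the rule field names, the keyword list, the internal domain and the sample rules are all constructed assumptions.

```python
import re

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own mail domains
# Assumption: words likely to appear in phishing warnings or supplier threads.
WATCH_WORDS = re.compile(r"phish|spoof|suspicious|security alert|invoice|payment", re.I)
# Rule actions that keep a message out of the user's sight.
HIDING_ACTIONS = {"delete", "mark_read", "move_to_folder"}

def external_targets(rule):
    """Return forward/redirect addresses whose domain is not internal."""
    addrs = rule.get("forward_to", []) + rule.get("redirect_to", [])
    return [a for a in addrs if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def audit_rule(rule):
    """Return the findings for one mailbox rule (empty list means no finding)."""
    findings = []
    ext = external_targets(rule)
    if ext:
        findings.append("forwards mail outside the organization: " + ", ".join(ext))
    keywords = [k for k in rule.get("keywords", []) if WATCH_WORDS.search(k)]
    hides = sorted(HIDING_ACTIONS & set(rule.get("actions", [])))
    if keywords and hides:
        findings.append("hides messages matching %s via %s" % (keywords, hides))
    return findings

def audit(rules):
    """Map (mailbox, rule name) to findings, for rules that have any."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[(rule["mailbox"], rule["name"])] = findings
    return report

# Constructed sample export: one benign rule and two that match the patterns.
SAMPLE_RULES = [
    {"mailbox": "alice@example.com", "name": "newsletters",
     "keywords": ["weekly digest"], "actions": ["move_to_folder"]},
    {"mailbox": "bob@example.com", "name": ".",
     "keywords": ["invoice", "payment"], "actions": ["forward"],
     "forward_to": ["collector@mail.invalid"]},
    {"mailbox": "bob@example.com", "name": "..",
     "keywords": ["phishing", "suspicious"], "actions": ["delete", "mark_read"]},
]

if __name__ == "__main__":
    for (mailbox, name), findings in audit(SAMPLE_RULES).items():
        for finding in findings:
            print("%s rule %r: %s" % (mailbox, name, finding))
```

A finding here is a prompt for review rather than proof of compromise, since users also create forwarding and filing rules for legitimate reasons.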