fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

CISA: Hackers Bypassed MFA To Access Cloud Service Accounts

CISA: Hackers Bypassed MFA To Access Cloud Service Accounts

The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts.

“CISA is aware of several recent successful cyberattacks against various organizations’ cloud services,” the cybersecurity agency said on Wednesday.

“The cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a ‘pass-the-cookie’ attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices.”

Enabling MFA is not always enough

While threat actors tried gaining access to some of their targets’ cloud assets via brute force attacks, they failed due to their inability to guess the correct credentials or because the attacked organization had MFA authentication enabled.

Also Read: The Scope Of Singapore Privacy: How We Use It In A Right Way

However, in at least one incident, attackers were able to successfully sign into a user’s account even though the target had multi-factor authentication (MFA) enabled.

CISA believes that the threat actors were able to defeat MFA authentication protocols as part of a ‘pass-the-cookie’ attack in which attackers hijack an already authenticated session using stolen session cookies to log into online services or web apps.

The agency also observed attackers using initial access gained after phishing employee credentials to phish other user accounts within the same organization by abusing what looked like the organization’s file hosting service to host their malicious attachments.

In other cases, the threat actors were seen modifying or setting up email forwarding rules and search rules to automatically collect sensitive and financial information from compromised email accounts.

“In addition to modifying existing user email rules, the threat actors created new mailbox rules that forwarded certain messages received by the users (specifically, messages with certain phishing-related keywords) to the legitimate users’ Really Simple Syndication (RSS) Feeds or RSS Subscriptions folder in an effort to prevent warnings from being seen by the legitimate users,” CISA added.

The FBI also warned US organizations about scammers abusing auto-forwarding rules on web-based email clients in Business Email Compromise (BEC) attacks.

Attacks not linked to SolarWinds hackers

CISA also said that this activity is not explicitly linked to the threat actors behind the SolarWinds supply-chain attack or any other recent malicious activity.

The attacks CISA refers to have regularly targeted employees who used company-provided or personal devices while accessing their organizations’ cloud services from home.

Weak cyber hygiene practices were the main cause behind the success of the attacks, despite the use of security solutions.

Information shared today is exclusively collected during several CISA incident response engagements and it also contains “recommended mitigations for organizations to strengthen their cloud environment configuration to protect against, detect, and respond to potential attacks.”

Today’s advisory also provides indicators of compromise and tactics, techniques, and procedures (TTPs) that can further help admins and security teams to effectively respond to attacks targeting their organizations’ cloud assets.

CISA’s advisory contains measures organizations can take to strengthen their cloud security configurations and block attacks targeting their cloud services.

Also Read: Deemed Consent PDPA: How Do Businesses Comply?

Last Friday, the agency issued another security alert regarding the SolarWinds threat actor’s use of password spraying and password guessing attacks, as well as exploiting poorly secured credentials to breach victims instead of using the Sunburst backdoor.

A National Security Agency advisory from December 2020 also warned of hackers forging cloud authentication info to gain access to targets’ access cloud resources.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us