- Threat actors are successfully exploiting enterprises with poor cyber hygiene to compromise cloud security services through phishing attacks and brute force attempts, DHS CISA warns.
- Threat actors are using “pass-the-cookie” attacks to exploit weaknesses. These attacks are typically launched within the Active Directory domain.
- When an entity employs multi-factor authentication on top of web applications, the user is prompted to provide further proof of their identity, such as push notifications on their mobile device. Once a user successfully passes the authentication tests, they’re given access and the browser creates a cookie that is stored for the user’s session.
- CISA has also observed hackers gathering sensitive information from victims by exploiting email forwarding rules that users had set up to forward work emails to personal accounts. By modifying an existing email rule, the hackers redirected the emails to an account they controlled.
- Then, they updated the rule to forward all of the victim’s emails to threat actor accounts. In similar attacks, the actors were observed modifying existing rules to search users’ email messages for finance-related keywords. The emails were then forwarded to hacker-controlled accounts.
- In light of several reports that show healthcare remains a prime hacking target and a rapid increase in attacks on healthcare web applications, entities should review these CISA insights to secure their cloud and remote environments.
– Jessica Davis | January 14, 2021
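
One way to check for the forwarding-rule abuse described above is to compare a current export of mailbox rules against an earlier baseline. This is an added example, not code from the article or from CISA. The snapshot format, the field names `forward_to` and `keywords`, the internal domain and the keyword list are all assumptions, and the sample data is constructed.

```python
# Assumption: domains the organisation owns; anything else is external.
INTERNAL_DOMAINS = {"example.org"}
# Assumption: illustrative terms; the article only says "finance-related".
FINANCE_KEYWORDS = {"invoice", "payment", "wire", "payroll", "bank"}


def _external(rule):
    """Lower-cased forwarding targets whose domain is not internal."""
    targets = {a.lower() for a in rule.get("forward_to", [])}
    return {a for a in targets if a.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS}


def audit_rules(baseline, current):
    """Return (mailbox, rule_id, reason) findings, ordered by mailbox and rule.
    Snapshots map (mailbox, rule_id) to a dict with the hypothetical fields
    'forward_to' (addresses) and 'keywords' (match terms)."""
    findings = []
    for (mailbox, rule_id), rule in sorted(current.items()):
        external = _external(rule)
        if not external:
            continue  # internal-only or non-forwarding rules are out of scope
        old = baseline.get((mailbox, rule_id))
        if old is None:
            reason = "new rule forwards externally"
        elif external - _external(old):
            reason = "existing rule retargeted to new external address"
        else:
            reason = "external forwarding unchanged since baseline"
        findings.append((mailbox, rule_id, reason))
        hits = FINANCE_KEYWORDS & {k.lower() for k in rule.get("keywords", [])}
        if hits:
            terms = ", ".join(sorted(hits))
            findings.append((mailbox, rule_id, "finance keyword filter: " + terms))
    return findings


# Constructed sample snapshots (not data from the CISA report).
BASELINE = {
    ("alice@example.org", "r1"): {"forward_to": ["alice@home.example"]},
    ("bob@example.org", "r1"): {"forward_to": ["bob@home.example"]},
}
CURRENT = {
    ("alice@example.org", "r1"): {"forward_to": ["alice@home.example"]},
    ("bob@example.org", "r1"): {"forward_to": ["inbox@drop.example"],
                                "keywords": ["Invoice", "wire"]},
    ("carol@example.org", "r7"): {"forward_to": ["carol@example.org"]},
}

if __name__ == "__main__":
    print(*audit_rules(BASELINE, CURRENT), sep="\n")
```

A rule that keeps its ID but gains a new external target is reported separately from a brand-new rule, since the article describes actors modifying rules that users had already created.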