xanix
Advanced
- Joined
- 20.10.20
- Messages
- 112
- Reaction score
- 795
- Points
- 93
The US authorities reported hacking of cloud corporate accounts due to employees ' failure to comply with the requirements of cyber hygiene.
The US Cybersecurity and Infrastructure Security Agency (CISA) has reported a series of successful cyber attacks on a number of cloud services.
According to the CISA notification, the attackers carried out phishing attacks and took advantage of the fact that employees of many organizations do not adhere to the rules of digital hygiene. In addition to phishing, cybercriminals also used brute force and pass-the-cookie attacks, a post-exploitation technique to intercept the session. With some accounts, the first attempts of hackers to guess passwords by brute force were not successful. However, in some cases the attackers even managed to get around two-factor authentication and hack into an account in the cloud services.
In at least one case, the attackers modified or configured the rules for forwarding emails to accounts under their control. They also changed the existing rules for searching emails (subject and body), setting keywords that allow you to identify messages with confidential information (for example, with payment data).
"In addition to changing the existing email rules for users, the attackers also created new rules for mailboxes that forwarded some messages received by users (in particular, messages with certain keywords) to the Really Simple Syndication (RSS) or RSS subscription folder of legitimate users, so that legitimate users would not see warnings," CISA reports.
The US Cybersecurity and Infrastructure Security Agency (CISA) has reported a series of successful cyber attacks on a number of cloud services.
According to the CISA notification, the attackers carried out phishing attacks and took advantage of the fact that employees of many organizations do not adhere to the rules of digital hygiene. In addition to phishing, cybercriminals also used brute force and pass-the-cookie attacks, a post-exploitation technique to intercept the session. With some accounts, the first attempts of hackers to guess passwords by brute force were not successful. However, in some cases the attackers even managed to get around two-factor authentication and hack into an account in the cloud services.
In at least one case, the attackers modified or configured the rules for forwarding emails to accounts under their control. They also changed the existing rules for searching emails (subject and body), setting keywords that allow you to identify messages with confidential information (for example, with payment data).
"In addition to changing the existing email rules for users, the attackers also created new rules for mailboxes that forwarded some messages received by users (in particular, messages with certain keywords) to the Really Simple Syndication (RSS) or RSS subscription folder of legitimate users, so that legitimate users would not see warnings," CISA reports.