The Cybersecurity and Infrastructure Security Agency (CISA) is warning that threat actors are exploiting poor cyber hygiene to compromise cloud security environments, and in response issued its Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services.

AR21-013A provides “technical details and indicators of compromise to help detect and respond to potential attacks.” According to CISA, attacks on cloud security environments frequently occur when organizations’ employees work remotely and use a combination of corporate laptops and personal devices to access company-provided cloud services.

“Despite the use of security tools, affected organizations typically had weak cyber hygiene practices that allowed threat actors to conduct successful attacks,” the agency said.

“The cyber threat actors involved in these attacks used a variety of tactics and techniques – including phishing, brute force login attempts, and possibly a ‘pass-the-cookie’ attack – to attempt to exploit weaknesses in the victim organizations’ cloud security practices,” CISA wrote in the report.

To address the exploitation of poor cyber hygiene in cloud environments, CISA recommended 21 steps to strengthen cloud security practices, including, among others:

  • Implementing conditional access policies based on organizational needs;
  • Establishing a baseline for normal network activity within the cloud environment;
  • Enforcing multi-factor authentication;
  • Resolving client site requests internal to the company’s network;
  • Using conditional access policy to block legacy authentication protocols; and
  • Establishing a blame-free employee reporting policy, and ensuring that employees know who to contact when they identify suspicious activity or believe they have been a cyberattack victim.

Additionally, CISA noted in AR21-013A that the information within “is not explicitly tied to any one threat actor,” or to the Russia-directed hack of thousands of government and private-sector networks that came to light in December 2020.

Jordan Smith is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.