This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies By closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Home » NSA warns hackers are forging cloud authentication information
This advisory specifically discusses detection and mitigation of two TTPs to forge authentications and gain access to a victim’s cloud resources. While these TTPs require the actors to already have privileged access in an on-premises environment, they are still dangerous as they can be combined with other vulnerabilities to gain initial access, then undermine trust, security, and authentication. Initial access can be established through a number of means, including known and unknown vulnerabilities, says the NSA. The recent SolarWinds Orion code compromise is one serious example of how on-premises systems can be compromised, leading to abuse of federated authentication and malicious cloud access.
Mitigation actions include hardening and monitoring systems that run local identity and federation services, locking down tenant single sign-on (SSO) configuration in the cloud, and monitoring for indicators of compromise.