Sometimes MFA isn’t enough

About a month ago we published a blog series on multi-factor authentication (MFA) by guest writer, Chris Bonatti of IECA of Casper.

Since publishing that, CISA (Cybersecurity Infrastructure Security Agency) has alerted companies that MFA was defeated in some cloud services by a combination of a brute force and pass-the-cookie attack. The video below describes what a pass-the-cookie attack is and how it works.

https://www.bleepingcomputer.com/news/security/cisa-hackers-bypassed-mfa-to-access-cloud-service-accounts/

YouTube player

CISA said that the attacks targeted employees who accessed their organizations’ cloud services from home and weak cyber hygiene practices were the main cause behind the success of the attacks.

Wyoming’s Cybersecurity Competition for Small Businesses helps you figure out how to better manage remote workers. The competition starts on February 1 and provides one-on-one training to help you manage your people, processes, and cultural security risks. To register, contact us at info@cyberwyoming.org.

Because your computer doesn’t come with a cybersecurity manual.
Join the competition today – it’s free to Wyoming businesses and organizations.

Share:

Register to Receive the Tech Joke of the Week!

This Week's Joke:

How many programmers does it take to change a light bulb?

None, it is a hardware problem!

More Posts: