The US Cybersecurity and Infrastructure Security Agency (CISA) has reported a series of successful cyberattacks against a range of cloud services.
According to the CISA notice, attackers carried out phishing attacks and took advantage of the fact that employees of many organizations do not adhere to digital hygiene rules. In addition to phishing, the attackers used brute-force attempts and pass-the-cookie attacks, a post-exploitation technique for hijacking a session. For some accounts, early brute-force attempts to guess passwords were unsuccessful. In some cases, however, attackers even managed to bypass two-factor authentication and compromise cloud service accounts.
In at least one case, attackers modified or set up email forwarding rules so that messages were sent to accounts under their control. They also changed existing rules that search emails (subject and body), setting keywords to identify messages with sensitive information (such as payment information).
“In addition to modifying the existing email rules for users, the attackers also created new rules for mailboxes that redirected some messages received by users (in particular, messages with certain keywords) to Really Simple Syndication (RSS) or the RSS folder of legitimate users, so that legitimate users do not see warnings,” CISA reports.
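The rule changes described above (forwarding to outside accounts, keyword matching on sensitive terms, and moving mail into an RSS folder) can be checked for in an export of mailbox rules. The following is an added example, not code from CISA or from the original article; the record layout, field names, folder names, keyword list and sample rules are all assumptions constructed for illustration.

```python
# Added example: flags mailbox rules matching the behaviours described above.
# Record layout, field names and keyword list are assumptions for illustration.
INTERNAL_DOMAINS = {"example.com"}
SENSITIVE_WORDS = ("payment", "invoice", "wire transfer")
RSS_FOLDERS = {"rss feeds", "rss subscriptions"}

# Constructed sample data, not taken from any real tenant.
RULES = [
    {"mailbox": "alice@example.com", "name": ".", "enabled": True,
     "forward_to": ["collector@mail.invalid"], "keywords": [], "move_to": ""},
    {"mailbox": "bob@example.com", "name": "feeds", "enabled": True,
     "forward_to": [], "keywords": ["Payment details", "Invoice"],
     "move_to": "RSS Feeds"},
    {"mailbox": "carol@example.com", "name": "Newsletters", "enabled": True,
     "forward_to": [], "keywords": ["weekly digest"], "move_to": "Newsletters"},
    {"mailbox": "dave@example.com", "name": "To assistant", "enabled": True,
     "forward_to": ["assistant@example.com"], "keywords": [], "move_to": ""},
    {"mailbox": "erin@example.com", "name": "old", "enabled": False,
     "forward_to": ["collector@mail.invalid"], "keywords": [], "move_to": ""},
]

def audit_rule(rule):
    """Return the list of findings for one rule (empty if nothing matches)."""
    findings = []
    domains = [a.rsplit("@", 1)[-1].lower() for a in rule["forward_to"]]
    if any(d not in INTERNAL_DOMAINS for d in domains):
        findings.append("forwards-outside-organization")
    keywords = [k.lower() for k in rule["keywords"]]
    if any(w in k for k in keywords for w in SENSITIVE_WORDS):
        findings.append("matches-sensitive-keywords")
    if rule["move_to"].lower() in RSS_FOLDERS:
        findings.append("hides-mail-in-rss-folder")
    return findings

def audit(rules):
    """Map (mailbox, rule name) to findings for every enabled, flagged rule."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule) if rule["enabled"] else []
        if findings:
            report[(rule["mailbox"], rule["name"])] = findings
    return report

if __name__ == "__main__":
    for (mailbox, name), findings in audit(RULES).items():
        print(f"{mailbox} rule {name!r}: {', '.join(findings)}")
```

A rule that combines sensitive keywords with a move into an RSS folder, as in the second sample, is the pattern the CISA quote describes and deserves review first.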