Today the US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that malicious actors accessed its cloud service accounts by bypassing its multi-factor authentication (MFA) protocols. The attackers had tried multiple times to breach the CISA systems using brute force attacks, and they finally defeated the MFA protocols by using a ‘pass-the-cookie’ attack. With this method they were able to hijack an authenticated session, using stolen session cookies to access the CISA’s online services.
The CISA said that it is “aware of several recent successful cyberattacks against various organizations’ cloud services.” It also said that “the cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a ‘pass-the-cookie’ attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices.”
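Because a replayed session cookie skips the MFA prompt, one place a defender can look for it is the access log: the same session ID showing up from a client that did not perform the login. The following is an added example, not code from CISA or from this article; the log format, field names and the `find_cookie_reuse` function are assumptions, and the sample lines are constructed.

```python
import shlex

# Constructed sample access log (hypothetical format): timestamp, then key=value fields.
SAMPLE_LOG = """\
2021-01-01T09:00:02Z sess=a1f3 ip=198.51.100.10 ua="Firefox/84 Windows" event=login_mfa_ok user=alice
2021-01-01T09:05:40Z sess=a1f3 ip=198.51.100.10 ua="Firefox/84 Windows" event=request user=alice
2021-01-01T09:07:11Z sess=a1f3 ip=203.0.113.77 ua="python-requests/2.25" event=request user=alice
2021-01-01T09:10:00Z sess=b2c4 ip=192.0.2.5 ua="Chrome/87 macOS" event=login_mfa_ok user=bob
2021-01-01T09:30:00Z sess=b2c4 ip=192.0.2.5 ua="Chrome/87 macOS" event=request user=bob
2021-01-01T09:41:00Z sess=c9d0 ip=203.0.113.77 ua="python-requests/2.25" event=request user=carol
"""

def parse_line(line):
    """Split one log line into a dict; shlex keeps the quoted user agent together."""
    ts, *pairs = shlex.split(line)
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = ts
    return rec

def find_cookie_reuse(log_text):
    """Return findings for sessions used by a client other than the one that passed MFA."""
    origin = {}    # session id -> (ip, user agent) recorded at the MFA login
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        client = (rec["ip"], rec["ua"])
        if rec["event"] == "login_mfa_ok":
            origin[rec["sess"]] = client
            continue
        if rec["sess"] not in origin:
            reason = "no_login_seen"      # cookie presented with no login in this log
        elif client != origin[rec["sess"]]:
            reason = "client_changed"     # cookie presented from a different client
        else:
            continue
        findings.append({"ts": rec["ts"], "sess": rec["sess"], "user": rec["user"],
                         "ip": rec["ip"], "reason": reason})
    return findings

if __name__ == "__main__":
    for f in find_cookie_reuse(SAMPLE_LOG):
        print(f)
```

A finding here is a lead for review rather than proof: roaming users change IP addresses legitimately, so pair it with a response such as invalidating the session and requiring re-authentication.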