CISA Analysis Report: Strengthening Security Configurations to Defend against Attacks Targeting Cloud Services

The Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis report advising that threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victims’ cloud services configuration, adding that it is aware of several recent successful attacks. CISA observes these types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services. Despite the use of security tools, affected organizations typically had weak cyber hygiene practices that allowed threat actors to conduct successful attacks. This report includes more on what CISA observed, including the tactics, techniques, and procedures and indicators of compromise. It also offers recommended mitigations for organizations to strengthen their cloud environment configuration to protect against, detect, and respond to potential attacks. Access the report at CISA.