Blog

Dec 17, 2020

NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources

Posted by in category: cybercrime/malcode

In response to ongoing cybersecurity events, the National Security Agency (NSA) released a Cybersecurity Advisory Thursday “Detecting Abuse of Authentication Mechanisms.” This advisory provides guidance to National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud. It builds on the guidance shared in the cybersecurity advisory regarding VMware with state-sponsored actors exploiting CVE 2020–4006 and forging credentials to access protected files, though other nation states and cyber criminals may use this tactic, technique, and procedure (TTP) as well.

Detecting abuse of authentication mechanisms infographic.

Comments are closed.