NSA Cybersecurity Advisory - Detecting Abuse of Authentication Mechanisms
The National Security Agency (NSA) has released a cybersecurity advisory on detecting abuse of authentication mechanisms. This advisory describes tactics, techniques, and procedures used by malicious cyber actors to access protected data in the cloud and provides guidance on defending against and detecting such activity. This NSA advisory addresses a critical threat that is unrelated to the SolarWinds vulnerability. For more information on SolarWinds, please visit Alert (AA20-352A).
Malicious cyber actors are abusing trust in federated authentication environments to access protected data. The exploitation occurs after the actors have gained initial access to a victim’s on-premises network. The actors leverage privileged access in the on-premises environment to subvert the mechanisms that the organization uses to grant access to cloud and on-premises resources and/or to compromise administrator credentials with the ability to manage cloud resources. The actors demonstrate two sets of tactics, techniques, and procedures (TTPs) for gaining access to the victim network’s cloud resources, often with a particular focus on organizational email. Read the full NSA Cybersecurity Advisory for the TTPs and mitigation actions.