The Cybersecurity and Infrastructure Security Agency (CISA) has released an analysis report outlining practices organizations can use to harden their cloud environment configuration and to protect against, detect, and respond to attacks on it.
According to the report, the cyber threat actors behind the attacks it analyzes used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a “pass-the-cookie” attack (reuse of a stolen browser session cookie to bypass authentication, including MFA)—to exploit weaknesses in the victim organizations’ cloud security practices.
To strengthen their cloud security practices, CISA recommends the following steps, among others, for organizations:
- Implement conditional access (CA) policies based upon your organization’s needs.
- Establish a baseline for normal network activity within your environment.
- Routinely review both Active Directory sign-in logs and unified audit logs for anomalous activity.
- Enforce MFA.
- Routinely review user-created email forwarding rules and alerts, or restrict forwarding.
- Have a mitigation plan or procedures in place; understand when, how, and why to reset passwords and to revoke session tokens.
- Follow recommended guidance on securing privileged access.
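The log-review items above (baseline normal activity, review unified audit logs for anomalies, review user-created forwarding rules) are easiest to understand with concrete detection logic. The Python below is an added example, not code from the CISA report: it triages Microsoft 365 Unified Audit Log records for three things the report's recommendations target: inbox rules or mailbox settings that forward mail outside the organization, successful sign-ins from a source IP a user has never used before, and bursts of failed sign-ins from one IP. The records are constructed and only modelled on the AuditData JSON that Search-UnifiedAuditLog returns; the operation names (UserLoggedIn, UserLoginFailed, New-InboxRule, Set-InboxRule, Set-Mailbox), parameter names and the INTERNAL_DOMAINS set are assumptions to confirm against your own tenant's logs before relying on them.

```python
import json
from collections import Counter, defaultdict

# Added example, not CISA's code. Field and operation names are modelled on
# Unified Audit Log AuditData records and are assumptions; verify in your tenant.
INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own domains

# Cmdlets that can set up forwarding, and the parameters that carry the target.
FORWARDING_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARDING_PARAMETERS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                         "ForwardingSmtpAddress", "ForwardingAddress"}


def load_audit_data(lines):
    """Parse one AuditData JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in lines if line.strip()]


def _params(record):
    """Flatten Exchange's Parameters list ([{Name, Value}, ...]) into a dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def is_external(value):
    """True if any recipient in a rule parameter lies outside INTERNAL_DOMAINS.
    Recipients appear bare ("user@domain") or as "Display [SMTP:user@domain]",
    several separated by ';'."""
    for recipient in value.split(";"):
        addr = recipient.strip().lower()
        if not addr:
            continue
        if "smtp:" in addr:
            addr = addr.split("smtp:", 1)[1].rstrip("]")
        if addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS:
            return True
    return False


def find_external_forwarding(records):
    """(user, operation, parameter, target) for every rule or mailbox change
    that forwards or redirects mail outside the organization."""
    hits = []
    for r in records:
        if r.get("Operation") not in FORWARDING_OPERATIONS:
            continue
        for name, value in _params(r).items():
            if name in FORWARDING_PARAMETERS and is_external(value):
                hits.append((r["UserId"], r["Operation"], name, value))
    return hits


def build_signin_baseline(records):
    """Baseline of normal activity: the source IPs each user has signed in from."""
    baseline = defaultdict(set)
    for r in records:
        if r.get("Operation") == "UserLoggedIn":
            baseline[r["UserId"]].add(r["ClientIP"])
    return baseline


def find_anomalous_signins(records, baseline):
    """Successful sign-ins from an IP that is not in the user's baseline."""
    return [(r["UserId"], r["ClientIP"]) for r in records
            if r.get("Operation") == "UserLoggedIn"
            and r["ClientIP"] not in baseline.get(r["UserId"], set())]


def find_bruteforce(records, threshold=5):
    """Source IPs with at least `threshold` failed sign-ins (password guessing)."""
    failures = Counter(r["ClientIP"] for r in records
                       if r.get("Operation") == "UserLoginFailed")
    return {ip: n for ip, n in failures.items() if n >= threshold}


# Constructed sample records (not real log data), one AuditData object per line.
BASELINE_LOG = load_audit_data("""
{"Operation": "UserLoggedIn", "UserId": "alice@example.com", "ClientIP": "203.0.113.10"}
{"Operation": "UserLoggedIn", "UserId": "alice@example.com", "ClientIP": "203.0.113.10"}
{"Operation": "UserLoggedIn", "UserId": "bob@example.com", "ClientIP": "198.51.100.5"}
""".splitlines())

NEW_LOG = load_audit_data("""
{"Operation": "UserLoggedIn", "UserId": "alice@example.com", "ClientIP": "203.0.113.10"}
{"Operation": "UserLoggedIn", "UserId": "alice@example.com", "ClientIP": "192.0.2.77"}
{"Operation": "New-InboxRule", "UserId": "alice@example.com", "ClientIP": "192.0.2.77", "Parameters": [{"Name": "Name", "Value": "archive"}, {"Name": "ForwardTo", "Value": "archive [SMTP:archive@attacker.example]"}, {"Name": "DeleteMessage", "Value": "True"}]}
{"Operation": "Set-InboxRule", "UserId": "bob@example.com", "ClientIP": "198.51.100.5", "Parameters": [{"Name": "Name", "Value": "to carol"}, {"Name": "ForwardTo", "Value": "carol@example.com"}]}
""".splitlines() + [json.dumps({"Operation": "UserLoginFailed",
                                "UserId": "bob@example.com",
                                "ClientIP": "192.0.2.77"})] * 6)

if __name__ == "__main__":
    baseline = build_signin_baseline(BASELINE_LOG)
    for hit in find_external_forwarding(NEW_LOG):
        print("external forwarding:", hit)
    for hit in find_anomalous_signins(NEW_LOG, baseline):
        print("sign-in from new IP:", hit)
    for ip, n in find_bruteforce(NEW_LOG).items():
        print(f"{n} failed sign-ins from {ip}")
```

In the sample, the same unfamiliar IP that succeeds against alice after a run of failures against bob then creates a rule that forwards her mail externally and deletes the originals; correlating the three findings on ClientIP is what turns three weak signals into one incident. Bob's rule, which forwards to an internal address, is deliberately not flagged, which is why the internal-domain list matters. On a real tenant the baseline should be built from a longer window than the period under review and should be keyed on more than IP (for example country, ASN or device), since the report notes that attackers used the same techniques from varied infrastructure.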