Hackers in the SolarWinds Attack Bypassed MFA - Is Nothing Safe Anymore?

  • By Dawna M. Roberts
  • Published: Jan 22, 2021
  • Last Updated: Mar 18, 2022

As more information is unearthed about the SolarWinds attack, the most recent information reveals that hackers were able to bypass MFA (multi-factor authentication) to breach systems and email accounts. This alarming find only proves that nothing is completely failsafe when it comes to cybersecurity.

What Happened?SolarWinds Data Breach

According to BleepingComputer on January 13, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that the SolarWinds hackers were able to bypass MFA to access “ compromised cloud service accounts.”

The report issued by CISA last Wednesday said, “The cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a ‘pass-the-cookie’ attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices.”

How Was it Possible?

The Bleeping Computer explains how this was possible “CISA believes that the threat actors were able to defeat MFA authentication protocols as part of a ‘pass-the-cookie’ attack in which attackers hijack an already authenticated session using stolen session cookies to log in to online services or web apps.”

They went onto explain further, “The agency also observed attackers using initial access gained after phishing employee credentials to phish other user accounts within the same organization by abusing what looked like the organization’s file hosting service to host their malicious attachments.”

The CISA report divulged that “In addition to modifying existing user email rules, the threat actors created new mailbox rules that forwarded certain messages received by the users (specifically, messages with certain phishing-related keywords) to the legitimate users’ Really Simple Syndication (RSS) Feeds or RSS Subscriptions folder in an effort to prevent warnings from being seen by the legitimate users.”

Poor Cybersecurity Practices is the Ultimate Culprit

The FBI has warned companies about scammers using auto-forwarding rules to breach email clients in a Business Email Compromise (BEC) attack.

CISA’s final determination is that even with the high-level skills of threat actors behind the Solar Winds attack, most of these incidents were due to “weak cyber hygiene practices,” which cannot overrule decent cybersecurity solutions.

The biggest threat to any organization is that one employee who clicks a link in a phishing email and then fills out a form on a malicious website using their company credentials to log in. 

The Solution

Although admittedly, the hacker group who attacked the SolarWinds supply chain was sophisticated, the weak link remains the employees and poor cybersecurity practices in place. 

The number one item that should be on every corporate agenda is to educate employees about phishing attacks, cybersecurity best practices, and proper protocol. Just doing that could cut the number of successful hacking incidents by a huge percentage. Some of the items to cover with employees are:

  • Never click links or download attachments in email.

  • Never install software without authorization from the IT department or from untrusted sources.

  • Never, ever provide login details to anyone who asks for them.

  • Keep only long, strong passwords that do not have anything to do with your personal life, details, or preferences that someone could guess.

  • Limit sharing personal information online, especially on social media.

  • Always enable multi-factor authentication when possible.

  • Always be on the lookout for scams, fraud, and phishing. 

  • Keep all devices updated with the latest security patches.

  • Install and run frequently good, reputable antivirus software.

The best way to stay safe is common sense. The more your staff knows how to protect their own logins and personal devices, the stronger the company will be as a whole.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Financial Business and Consumer Solutions Data Breach

Financial Business and Consumer Solutions Data Breach

Financial Business and Consumer Solutions (FBCS) was founded in 1982 as Federal Bond Collection Services and currently has over 100 employees.

Wattpad Data Breach

Wattpad Data Breach

Reportedly, in the top 160 most visited websites in the world, Wattpad prides itself as the world's most loved storytelling platform.

Teleperformance Breach

Teleperformance Breach

Teleperformance began its operations in 1910 in Paris, France, as a customer service management company. The company founded its United States division in 1993, which is situated in Salt Lake City, Utah.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address