Hackers in the SolarWinds Attack Bypassed MFA - Is Nothing Safe Anymore?

Posted on by Dawna M. Roberts in News January 22, 2021

As more information is unearthed about the SolarWinds attack, the most recent information reveals that hackers were able to bypass MFA (multi-factor authentication) to breach systems and email accounts. This alarming find only proves that nothing is completely failsafe when it comes to cybersecurity.

What Happened?SolarWinds Data Breach

According to BleepingComputer on January 13, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that the SolarWinds hackers were able to bypass MFA to access “ compromised cloud service accounts.”

The report issued by CISA last Wednesday said, “The cyber threat actors involved in these attacks used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a ‘pass-the-cookie’ attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices.”

How Was it Possible?

The Bleeping Computer explains how this was possible “CISA believes that the threat actors were able to defeat MFA authentication protocols as part of a ‘pass-the-cookie’ attack in which attackers hijack an already authenticated session using stolen session cookies to log in to online services or web apps.”

They went onto explain further, “The agency also observed attackers using initial access gained after phishing employee credentials to phish other user accounts within the same organization by abusing what looked like the organization’s file hosting service to host their malicious attachments.”

The CISA report divulged that “In addition to modifying existing user email rules, the threat actors created new mailbox rules that forwarded certain messages received by the users (specifically, messages with certain phishing-related keywords) to the legitimate users’ Really Simple Syndication (RSS) Feeds or RSS Subscriptions folder in an effort to prevent warnings from being seen by the legitimate users.”

Poor Cybersecurity Practices is the Ultimate Culprit

The FBI has warned companies about scammers using auto-forwarding rules to breach email clients in a Business Email Compromise (BEC) attack.

CISA’s final determination is that even with the high-level skills of threat actors behind the Solar Winds attack, most of these incidents were due to “weak cyber hygiene practices,” which cannot overrule decent cybersecurity solutions.

The biggest threat to any organization is that one employee who clicks a link in a phishing email and then fills out a form on a malicious website using their company credentials to log in. 

The Solution

Although admittedly, the hacker group who attacked the SolarWinds supply chain was sophisticated, the weak link remains the employees and poor cybersecurity practices in place. 

The number one item that should be on every corporate agenda is to educate employees about phishing attacks, cybersecurity best practices, and proper protocol. Just doing that could cut the number of successful hacking incidents by a huge percentage. Some of the items to cover with employees are:

  • Never click links or download attachments in email.

  • Never install software without authorization from the IT department or from untrusted sources.

  • Never, ever provide login details to anyone who asks for them.

  • Keep only long, strong passwords that do not have anything to do with your personal life, details, or preferences that someone could guess.

  • Limit sharing personal information online, especially on social media.

  • Always enable multi-factor authentication when possible.

  • Always be on the lookout for scams, fraud, and phishing. 

  • Keep all devices updated with the latest security patches.

  • Install and run frequently good, reputable antivirus software.

The best way to stay safe is common sense. The more your staff knows how to protect their own logins and personal devices, the stronger the company will be as a whole.

Check Your Records For Breaches, Leaks, & Exposures

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

Scan Your Records for Breaches, Leaks & Exposures!