The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication (MFA) protocols.
To breach the network, they used credentials compromised in a brute-force password guessing attack to access an un-enrolled and inactive account, not yet disabled in the organization's Active Directory.
With the help of these compromised accounts and without MFA enforced, the Russian-backed threat actors could move laterally and gain access to the cloud storage and email accounts and exfiltrate data. ================================================================= Use better security, use Wave VSC 2.0 (MFA)!! The Wave alternative is simpler, more secure and cheaper! It protects networks, data and devices! Try Wave, use Wave and become a happy Wave customer!! ================================================================== http://www.wavesys.com/
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.