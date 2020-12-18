

The United States National Security Agency (NSA) is warning about cybercriminals who use forged credentials to access the cloud. The agency has published a document that shows Microsoft Azure administrators how to detect these kinds of attacks and protect themselves against them.

This initiative follows cyber attacks registered at several organizations, most notably the SolarWinds supply chain compromise and intrusions at the Departments of the Treasury, Commerce and Energy, as well as Homeland Security, the National Institutes of Health and the National Nuclear Security Administration.

What is this cloud credential spoofing all about?

The NSA indicates that the attackers use two sets of tactics, techniques and procedures (TTPs) to forge credentials and access the cloud.

The first of these is “Security Assertion Markup Language (SAML) token spoofing” at login. In this practice the cloud infrastructure is compromised and data such as usernames and passwords are stolen so that they can be forged and used to gain access at any time.

In the second TTP, the attackers go one step further. They use administrative privileges to assign “credentials to identities” so that those identities can access other resources in the cloud; the target here is “usually” the email service. In this regard, the NSA states:

“It is essential that when running products that perform authentication, the server and all the services that depend on it are properly configured for secure operation and integration. Otherwise, the SAML tokens could be forged, granting access to numerous resources.”

Recommendations made by the NSA to detect suspicious tokens

The National Security Agency recommends reviewing the authentication and authorization settings in Active Directory, with the aim of validating that the attributes carried by issued tokens are in line with the organization's policies.

Other recommendations are to remove unnecessary applications, to use multi-factor authentication, and to disable legacy authentication.

The NSA is aware of how important the cloud has become in our lives: many personal and business activities, services and tools depend on it. The agency therefore urges users to carry out periodic reviews and to look for suspicious tokens whose attributes do not match the company's rules.
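As an added illustration of the kind of review the NSA recommends (this is example code written for this page, not from the article or from the NSA advisory), the Python script below parses SAML 2.0 assertions and flags attributes that fall outside a hypothetical organization policy: an unexpected issuer or audience, a validity window longer than the policy allows, a signing certificate that is not on the known list, and the absence of a multi-factor authentication method claim. The policy values, the certificate placeholders and both sample assertions are constructed; the AD FS claim names used for the MFA check are assumed, and cryptographic signature verification itself is left to the relying service.

```python
"""Policy checks over SAML 2.0 assertions: a defender's review aid (example code)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Hypothetical organization policy; every value here is constructed for the example.
# The MFA claim names follow AD FS conventions but are assumed, not taken from the article.
POLICY = {
    "issuer": "https://sts.example.test/adfs/services/trust",
    "audience": "urn:federation:MicrosoftOnline",
    "max_lifetime": timedelta(hours=1),
    "known_signing_certs": {"EXAMPLE-FEDERATION-CERT-BASE64-PLACEHOLDER"},
    "mfa_attribute": "http://schemas.microsoft.com/claims/authnmethodsreferences",
    "mfa_value": "http://schemas.microsoft.com/claims/multipleauthn",
}


def _parse_time(value):
    """Parse a SAML xs:dateTime such as 2020-12-18T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_assertion(xml_text, policy=POLICY):
    """Return a list of policy findings for one assertion; an empty list means compliant."""
    findings = []
    root = ET.fromstring(xml_text)

    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != policy["issuer"]:
        findings.append(f"unexpected issuer: {issuer!r}")

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        findings.append("missing Conditions element")
    else:
        try:
            not_before = _parse_time(cond.get("NotBefore"))
            not_after = _parse_time(cond.get("NotOnOrAfter"))
        except (TypeError, ValueError, AttributeError):
            findings.append("unparseable validity window")
        else:
            # Forged tokens are often minted with unusually long lifetimes.
            if not_after - not_before > policy["max_lifetime"]:
                findings.append(f"lifetime {not_after - not_before} exceeds policy maximum")
        audience = cond.findtext("saml:AudienceRestriction/saml:Audience",
                                 default="", namespaces=NS)
        if audience != policy["audience"]:
            findings.append(f"unexpected audience: {audience!r}")

    # Compare the embedded signing certificate with the federation server's known set.
    cert = root.findtext(".//ds:X509Certificate", default="", namespaces=NS)
    if "".join(cert.split()) not in policy["known_signing_certs"]:
        findings.append("assertion signed with a certificate not in the known set")

    # Policy requires an MFA method to be recorded in the authentication methods claim.
    path = f".//saml:Attribute[@Name='{policy['mfa_attribute']}']/saml:AttributeValue"
    methods = {v.text.strip() for v in root.findall(path, NS) if v.text}
    if policy["mfa_value"] not in methods:
        findings.append("no multi-factor authentication method recorded")
    return findings


def _assertion(issuer, not_before, not_after, cert, methods):
    """Build a minimal constructed assertion (KeyInfo only; no real XMLDSig signature)."""
    values = "".join(f"<saml:AttributeValue>{m}</saml:AttributeValue>" for m in methods)
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_1" Version="2.0">
  <saml:Issuer>{issuer}</saml:Issuer>
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_after}">
    <saml:AudienceRestriction><saml:Audience>{POLICY['audience']}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{POLICY['mfa_attribute']}">{values}</saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


# Constructed sample tokens: one that matches policy and one with several anomalies.
GOOD_ASSERTION = _assertion(POLICY["issuer"], "2020-12-18T10:00:00Z", "2020-12-18T11:00:00Z",
                            "EXAMPLE-FEDERATION-CERT-BASE64-PLACEHOLDER",
                            ["urn:oasis:names:tc:SAML:2.0:ac:classes:Password", POLICY["mfa_value"]])
BAD_ASSERTION = _assertion(POLICY["issuer"], "2020-12-18T10:00:00Z", "2021-12-18T10:00:00Z",
                           "UNKNOWN-CERT-BASE64-PLACEHOLDER",
                           ["urn:oasis:names:tc:SAML:2.0:ac:classes:Password"])

if __name__ == "__main__":
    for label, token in (("good", GOOD_ASSERTION), ("bad", BAD_ASSERTION)):
        print(label, check_assertion(token) or "compliant")
```

In practice the assertions would come from the federation server's issuance logs or from a capture at the relying party, and the findings would feed a ticketing or SIEM pipeline; the point of the script is that each attribute the policy cares about is compared against an explicit expected value rather than trusted because the token is well-formed.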

