Smile On Fridays secured coverage in ComputerWeekly for OneLogin
Should I be worried about MFA-bypassing pass-the-cookie attacks?
A series of recent cyber attacks against organisations’ cloud services that exploited poor cyber hygiene practice have put security teams on high alert and raised questions over the adequacy of multi-factor authentication (MFA).
Earlier in January, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert following a spate of attacks, advising users to strengthen their cloud environment configuration.
The agency said the attacks were likely occurring due to high volumes of remote working and a mixture of corporate and personal devices being used to access cloud services.
The malicious actors behind the attacks are using a variety of tactics and techniques, including phishing and brute-force login attempts, but also so-called pass-the-cookie attacks to defeat MFA.