Title: Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments

Critical Infrastructure Stakeholders and Partners,

CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices.

In response, CISA has released [Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services] which provides technical details and indicators of compromise to help detect and respond to potential attacks.

CISA encourages users and administrators to review [AR21-013A] and apply the recommendations to strengthen cloud environment configurations.

Link: https://us-cert.cisa.gov/ncas/analysis-reports/ar21-013a

For more information, contact central@cisa.dhs.gov

Respectfully,

Cybersecurity and Infrastructure Security Agency

Defend Today Secure Tomorrow