NSA Detecting Abuse of Authentication Mechanisms

    Posted Dec 18, 2020 01:29:00 AM

    Hi All,

    The NSA published Detecting Abuse of Authentication Mechanisms which discusses how malicious cyber actors are abusing trust in federated authentication environments to access protected data. The exploitation occurs after the actors have gained initial access to a victim's on-premises network. The actors leverage privileged access in the on-premises environment to subvert the mechanisms that the organization uses to grant access to cloud and on-premises resources and/or to compromise administrator credentials with the ability to manage cloud resources. The actors demonstrate two sets of tactics, techniques, and procedures (TTP) for gaining access to the victim network's cloud resources, often with a particular focus on organizational email.



    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------