
Detecting Abuse of Authentication Mechanisms


Summary

Malicious cyber actors are abusing trust in federated authentication environments to access protected data. The exploitation occurs after the actors have gained initial access to a victim’s on-premises network. The actors leverage privileged access in the on-premises environment to subvert the mechanisms that the organization uses to grant access to cloud and on-premises resources and/or to compromise administrator credentials with the ability to manage cloud resources. The actors demonstrate two sets of tactics, techniques, and procedures (TTP) for gaining access to the victim network’s cloud resources, often with a particular focus on organizational email.

In the first TTP, the actors compromise on-premises components of a federated SSO infrastructure and steal the credential or private key that is used to sign Security Assertion Markup Language (SAML) tokens (TA0006, T1552, T1552.004). Using the private keys, the actors then forge trusted authentication tokens to access cloud resources. A recent NSA Cybersecurity Advisory warned of actors exploiting a vulnerability in VMware Access and VMware Identity Manager that allowed them to perform this TTP and abuse federated SSO infrastructure.

While that example of this TTP may have previously been attributed to nation-state actors, a wealth of actors could be leveraging this TTP for their objectives. This SAML forgery technique has been known and used by cyber actors since at least 2017.
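A token forged with a stolen signing key still validates at the cloud service, but the identity provider never issued it. The following added example (not taken from the report or from this page) shows one way a defender can correlate the two log sources. The record layout, field names and sample values are constructed assumptions, not a real product's log schema.

```python
from datetime import datetime, timedelta

# Constructed sample records; field names are hypothetical.
# Tokens the on-premises identity provider actually issued:
IDP_ISSUED = [
    {"assertion_id": "_a1", "user": "alice@example.com", "issued": "2022-06-01T09:00:05"},
    {"assertion_id": "_b2", "user": "bob@example.com", "issued": "2022-06-01T09:10:00"},
]
# SAML sign-ins the cloud service provider accepted:
SP_SIGNINS = [
    {"assertion_id": "_a1", "user": "alice@example.com", "seen": "2022-06-01T09:00:07"},
    {"assertion_id": "_z9", "user": "admin@example.com", "seen": "2022-06-01T09:30:00"},
    {"assertion_id": "_b2", "user": "admin@example.com", "seen": "2022-06-01T09:10:02"},
    {"assertion_id": "_b2", "user": "bob@example.com", "seen": "2022-06-01T13:10:00"},
]


def find_unbacked_signins(issued, signins, max_age=timedelta(hours=1)):
    """Return sign-ins that no matching identity-provider issuance explains."""
    by_id = {rec["assertion_id"]: rec for rec in issued}
    findings = []
    for s in signins:
        rec = by_id.get(s["assertion_id"])
        if rec is None:
            # Accepted by the service, never issued by the identity provider.
            reason = "no_issuance_record"
        elif rec["user"] != s["user"]:
            # Assertion ID is known but was issued for a different subject.
            reason = "subject_mismatch"
        else:
            age = (datetime.fromisoformat(s["seen"])
                   - datetime.fromisoformat(rec["issued"]))
            if timedelta(0) <= age <= max_age:
                continue  # backed by a recent, matching issuance
            reason = "outside_validity_window"
        findings.append((s["assertion_id"], s["user"], reason))
    return findings


if __name__ == "__main__":
    for finding in find_unbacked_signins(IDP_ISSUED, SP_SIGNINS):
        print(finding)
```

The one-hour `max_age` is an assumed token lifetime; set it to the lifetime the identity provider is actually configured to issue.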

© 2022 | CyberMaterial | All rights reserved.
