The National Security Agency (NSA) has published new guidance on how to address cyber threats that tamper with authentication systems to illegally access cloud-based data.
NSA said Thursday that its recent advisory, titled “Detecting Abuse of Authentication Mechanisms,” references state-sponsored cyber actors who forged credentials and exploited vulnerabilities to obtain unauthorized access.
The advisory tackles two types of tactics, techniques and procedures or TTPs that can breach through security systems via vulnerability exploitation. The first TTP focuses on manipulating an authentication system's on-premise components, and the second one exploits a global administrator account linked to the targeted system.
The agency advises organizations to fortify and monitor on-premise federated and identity systems for signs of breaching. The full advisory can be found here.