Cloud Threats Memo: Why Multi-Factor Authentication is a Must-Have

Despite the growing interest in cloud accounts by opportunistic and state-sponsored actors, too many organizations fail to implement basic security measures to protect their cloud apps, such as multi-factor authentication (MFA) for administrators and users.

This is the concerning finding of a report recently released by Microsoft, according to which just 22% of Azure Active Directory customers implement strong authentication mechanisms such as MFA or passwordless authentication.

In a cloud-first world, identity is the new battleground, as the same report states: the growing number of mega breaches has led to a wide availability of compromised credentials that can be recycled for password-spraying or credential-stuffing attacks. These attacks are convenient and effective because of their relatively low effort and, in contrast, the high return on investment given the value of a compromised account.

Inevitably, this simplicity has ended up attracting the unwelcome attention of state-sponsored actors, such as APT28 (AKA Fancy Bear, Sofacy, or STRONTIUM) and the Iran-linked DEV-0343, just to mention two recent campaigns targeting cloud accounts. Sadly this is not enough to raise awareness and push the enforcement of stronger security policies, considering that another study from Microsoft revealed that 99.9% of compromised accounts do not use MFA.

How Netskope helps to enforce stronger security policies and mitigates the risk of compromised accounts.

Netskope SaaS Security Posture Management (SSPM) can continuously scan SaaS applications, such as Microsoft 365, to enforce security policies, detect misconfigurations, drive the remediation process and ensure compliance with best practices and common standards such as CIS, PCI-DSS, NIST, HIPAA. In this specific case, SSPM can alert if the organization lacks multi-factor authentication for administrators (rule “Ensure multi-factor authentication is enabled for all users in administrative roles”), and multi-factor authentication for all users in all roles (rule “Ensure multi-factor authentication is enabled for all users in all roles”). Both rules are part of the predefined profiles CIS-OFFICE_1.2.0, CSA-CCM-4.0, GDPR-2016-679, HIPAA-1996, ISO-27002-2013, NIST-CSF-1.1, NIST-800-53-4, PCI-DSS-3.0, AICPA-SOC-TSC-2017.

Similar controls are also available for IaaS platforms, such as AWS, Microsoft Azure, and Google Cloud Platform. In both scenarios, it is possible to write custom rules via the Domain Specific Language.

In combination with the award-winning CASB, it is also possible to detect compromised credentials and other anomalies via the UEBA engine such as brute-force attacks and anomalous access attempts.

Additionally, Netskope Advanced Analytics provides specific dashboards to assess the risk of cloud misconfigurations, with rich details and insights, supporting the security teams in the remediation process.

Stay safe!