The National Security Agency (NSA) late last week released new guidance on cloud security to defend against cyber threats that manipulate authentication environments.
The Detecting Abuse of Authentication Mechanisms advisory provides guidance to National Security System (NSS), the Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators. It aims to “detect and mitigate against malicious cyber actors who are manipulating trust in Federal authentication environments to access protected data in the cloud.”
The advisory discusses detection and mitigation of two “tactics, techniques, and procedures” (TTPs) used to forge authentications and gain access to cloud resources. In the first TTP, actors compromise on-premises components of a federated single sign-on (SSO) infrastructure and steal the credentials or keys that are used to sign Security Assertion Markup Language (SAML) tokens. The second TTP sees threat actors leveraging “a compromised global administrator account to assign credentials to cloud application service principals.”
Read more at NSA Releases Guidance on Authentication Security for Cloud Systems