A series of numerous cyber-attacks has prompted the US Cybersecurity and Infrastructure Agency (CISA) to issue a warning to organizations to secure their cloud-based accounts.

Based on an advisory by the CISA, the number of successful cyber-attacks has increased greatly since the COVID-19 pandemic has forced employees to work remotely.

The CISA believes that the hackers used a method called “pass-the-cookie” to work around the Multi-Factor-Authentication (MFA) security. This method of infiltration involves hackers having access to a user’s computer, taking their browser cookies, and inserting them into their own browser to log on as the infected user.

Although hackers were able to work around the MFA, this does not mean you should not use it. MFA can significantly increase your online security, but no account will still be totally 100% secure.

Keep in mind that these attacks required the hackers to have access to a user’s computer to obtain the login information. This can be done through Phishing email attacks that want you to install a file that contains hidden malware onto your system, granting hackers access to your computer.

An example of this goes back to 2018, when users of the cryptocurrency exchange ‘Binance’ were sent a Phishing email that directed people supposedly to Binance’s website and asked users for their passwords and MFA codes. Since the MFA codes stayed active for 30 seconds, it could be used by the hackers to log onto the real Binance website as someone else.

Unfortunately, these kinds of attacks are everywhere, that’s why it’s important to be educated with these attacks so you will know what emails to avoid.