Amazon Web Services (AWS) said it will require multi-factor authentication (MFA) for all privileged accounts starting mid-2024, in a bid to improve default security and reduce the risk of account hijacking. MFA is a critical step to mitigate the risks posed by phishing attacks on employees. An IBM X-Force study last month revealed that the top initial access vector for cloud compromise between June 2022 and June 2023 was the use of valid credentials by threat actors.
Read more: https://www.infosecurity-magazine.com/news/aws-multifactor-authentication-2024/