3 main tactics attackers use to bypass MFA

Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs.
SE Labs advised CISOs to step up their efforts against attacks on systems protected by MFA in response to increased attacker activity to exploit failure points.
As is often the case when compromising systems, attackers have not reinvented the wheel to circumvent MFA, or 2FA, as it is also known.
The old school methods of social engineering, malware, and phishing are working just fine.
The good news is that many attacks can be defended with strong policy enforcement, robust endpoint protection, and user education.
With many corporate and home users believing that MFA is virtually unbreakable, they are potentially the weakest link in a company's defenses.

How attackers bypass MFA

The 'Approve Sign-in' method of MFA is very popular with users because it is a simple click.
Once they have a user's stolen credentials, either from their own reconnaissance or bought on the dark web, the attacker simply enters them repeatedly, so the user receives one approval prompt after another.
It is only a matter of time until they catch someone distracted, tired or fed up with receiving multiple messages.
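
The repeated-prompt pattern described above can be spotted in authentication logs. The following is an added example, not code from the original article or from SE Labs; the event fields, the 10-minute window and the threshold of 3 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events: (timestamp, user, result).
# The field layout is an assumption, not any vendor's log schema.
SAMPLE_EVENTS = [
    ("2024-01-10T02:14:05", "alice", "denied"),
    ("2024-01-10T02:14:40", "alice", "timeout"),
    ("2024-01-10T02:15:10", "alice", "denied"),
    ("2024-01-10T02:15:55", "alice", "timeout"),
    ("2024-01-10T02:16:30", "alice", "approved"),
    ("2024-01-10T09:00:02", "bob", "approved"),
    ("2024-01-10T09:30:00", "carol", "denied"),
    ("2024-01-10T13:00:00", "carol", "approved"),
]

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Alert on bursts of denied or unanswered push prompts per user.

    'medium': the burst reaches the threshold inside the window.
    'high':   an approval arrives while the burst is still in the window,
              i.e. the user may have given in to the prompts.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent failed prompts
    alerts = []
    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        failed = recent[user]
        # Drop failed prompts that have aged out of the sliding window.
        while failed and ts - failed[0] > window:
            failed.popleft()
        if result in ("denied", "timeout"):
            failed.append(ts)
            if len(failed) == threshold:
                alerts.append((user, ts_raw, "medium", len(failed)))
        elif result == "approved":
            if len(failed) >= threshold:
                alerts.append((user, ts_raw, "high", len(failed)))
            failed.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A 'high' alert is the case to act on first: the approved sign-in that follows the burst should be treated as suspect until the user confirms it.
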
Attackers use phishing emails to persuade unwary users to enter their one-time passcodes into a fake website.
Or they obtain stolen copies of the SIM card and simply receive the codes directly.
Using SMS for 2FA is particularly vulnerable to attack, and while companies should actively take steps to start using other types of authentication, SE Labs believes it is still better than not using MFA at all.
In the attack known as session hijacking or cookie hijacking, the attacker doesn't need to engage in the MFA process at all.
While there are several different methods of carrying out an attack, given the increased use of encryption on websites, it is most likely that malware is initially used to steal the cookies from the target.
Once the attacker has this information, they simply need to wait until the victim logs in correctly and then take over the connection.
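
Because a hijacked session never touches the MFA step, one place to look for it is in how the session cookie is used after login. The following is an added example, not code from the original article or from SE Labs; the log fields and the client-mismatch heuristic are assumptions, and the sample records are constructed.

```python
# Constructed sample records: (time, session_id, source_ip, user_agent, action).
SAMPLE_LOG = [
    ("10:00:01", "sess-A", "198.51.100.7", "Firefox/121 Windows", "login_mfa_ok"),
    ("10:00:09", "sess-A", "198.51.100.7", "Firefox/121 Windows", "GET /inbox"),
    ("10:04:30", "sess-A", "203.0.113.50", "curl/8.4", "GET /settings"),
    ("10:05:00", "sess-B", "192.0.2.14", "Safari/17 macOS", "login_mfa_ok"),
    ("10:20:00", "sess-B", "192.0.2.99", "Safari/17 macOS", "GET /inbox"),
    ("10:21:00", "sess-C", "203.0.113.50", "curl/8.4", "GET /export"),
]

def find_session_reuse(log):
    """Flag requests whose session cookie is presented by a different client
    than the one that completed MFA, or by a session with no recorded login."""
    bound = {}      # session_id -> (ip, user_agent) recorded at MFA login
    findings = []
    for when, sid, ip, ua, action in log:
        if action == "login_mfa_ok":
            bound[sid] = (ip, ua)
            continue
        if sid not in bound:
            findings.append((when, sid, "no_login_seen"))
            continue
        login_ip, login_ua = bound[sid]
        changed = [name for name, old, new in
                   (("ip", login_ip, ip), ("user_agent", login_ua, ua))
                   if old != new]
        if len(changed) == 2:
            # Strongest signal: the cookie moved to a different client entirely.
            findings.append((when, sid, "ip+user_agent_changed"))
        elif changed:
            # Weaker signal: an IP change alone is common on mobile networks.
            findings.append((when, sid, changed[0] + "_changed"))
    return findings

if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_LOG):
        print(finding)
```

A finding where both attributes changed is a reasonable trigger for invalidating the session and requiring the user to authenticate again.
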


This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 26 Dec 2023 05:43:04 +0000

