Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs.
SE Labs advised CISOs to step up their efforts against attacks on systems protected by MFA, in response to increased attacker activity aimed at exploiting failure points.
As is often the case when compromising systems, attackers have not reinvented the wheel to circumvent MFA, or 2FA, as it is also known.
The old-school methods of social engineering, malware, and phishing are working just fine.
The good news is that many attacks can be defended against with strong policy enforcement, robust endpoint protection, and user education.
With many corporate and home users believing that MFA is virtually unbreakable, they are potentially the weakest link in a company's defenses.
How attackers bypass MFA
The 'Approve Sign-in' method of MFA is very popular with users because it is a simple click.
Once an attacker has a user's stolen credentials, either from their own reconnaissance or bought on the dark web, they simply enter them repeatedly.
It is only a matter of time until they catch someone distracted, tired or fed up with receiving multiple messages.
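Detection logic for the repeated-prompt pattern described above, added here as an example and not taken from SE Labs or the original article: it scans sign-in events for a burst of denied or timed-out push prompts and flags an approval that follows one. The event fields, the sample data, the 10-minute window and the threshold of 5 are assumptions to be tuned to a real identity provider's logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, push result); not real IdP logs.
SAMPLE_EVENTS = [
    ("2023-12-01T02:10:05", "alice", "denied"),
    ("2023-12-01T02:11:00", "alice", "timeout"),
    ("2023-12-01T02:12:10", "alice", "denied"),
    ("2023-12-01T02:13:30", "alice", "timeout"),
    ("2023-12-01T02:14:45", "alice", "denied"),
    ("2023-12-01T02:15:20", "alice", "approved"),   # gives in after the burst
    ("2023-12-01T09:00:00", "bob", "timeout"),      # one missed prompt, then OK
    ("2023-12-01T09:00:40", "bob", "approved"),
    ("2023-12-01T10:00:00", "carol", "denied"),     # denials spread over an hour
    ("2023-12-01T10:20:00", "carol", "denied"),
    ("2023-12-01T10:40:00", "carol", "denied"),
    ("2023-12-01T11:00:00", "carol", "denied"),
    ("2023-12-01T11:20:00", "carol", "denied"),
]

def find_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag bursts of unapproved push prompts and approvals that follow them."""
    recent = defaultdict(deque)  # user -> times of denied/timed-out prompts
    alerts = []
    for ts_str, user, result in sorted(events):  # ISO timestamps sort by time
        ts = datetime.fromisoformat(ts_str)
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:  # alert once as the burst reaches threshold
                alerts.append((user, ts_str, "prompt_burst", len(q)))
        elif result == "approved":
            if len(q) >= threshold:  # approval right after a burst: investigate
                alerts.append((user, ts_str, "approved_after_burst", len(q)))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The "approved_after_burst" alert is the one to escalate, since it marks the moment a worn-down user may have let the attacker in.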
Attackers use phishing emails to persuade unwary users to enter their one-time passcodes into a fake website.
Or they obtain stolen copies of the SIM card and simply receive the codes directly.
Using SMS for 2FA is particularly vulnerable to attack, and while companies should actively take steps to start using other types of authentication, SE Labs believe it is still better than not using MFA at all.
Otherwise known as session hijacking or cookie hijacking, the attacker doesn't need to engage in the MFA process at all.
While there are several different methods of carrying out an attack, given the increased use of encryption on websites, it is most likely that malware is initially used to steal the cookies from the target.
Once the attacker has this information, they simply need to wait until the victim logs in correctly and then take over the connection.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 26 Dec 2023 05:43:04 +0000