Misconfigured MFA Increasingly Targeted by Cybercriminals

In the first quarter of 2024, nearly half of all security incidents that Cisco Talos responded to involved multi-factor authentication (MFA) issues, according to the latest Cisco Talos report.
A quarter of these incidents were caused by users accepting fraudulent MFA push notifications originating from attackers, while 21% of incidents were due to improper MFA implementation.
The report revealed the most common MFA bypass attempts observed were MFA push attacks.
In these scenarios, attackers who have obtained a user's password bombard the user's MFA-enabled device with push notifications, hoping the user will eventually accept one.
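As an added illustration (not from the Talos report or the original article), the push-bombing pattern described above can be detected in authentication logs as a run of denied or timed-out pushes, which is most serious when followed by an approval. The log schema, event names, thresholds and sample events below are constructed for this example, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema, not any vendor's log format):
# timestamp, user, outcome of the MFA push.
SAMPLE_LOG = """\
2024-06-26T02:10:05 alice push_denied
2024-06-26T02:10:40 alice push_timeout
2024-06-26T02:11:15 alice push_denied
2024-06-26T02:11:50 alice push_timeout
2024-06-26T02:12:30 alice push_approved
2024-06-26T09:00:00 bob push_approved
2024-06-26T09:30:00 carol push_denied
2024-06-26T13:00:00 carol push_approved
2024-06-26T14:00:00 dave push_timeout
2024-06-26T14:00:30 dave push_timeout
2024-06-26T14:01:00 dave push_denied
2024-06-26T14:01:30 dave push_denied
"""

def detect_push_fatigue(log_text, window=timedelta(minutes=10), threshold=4):
    """Return {user: severity} for push histories that look like bombing.

    'burst': at least `threshold` denied/timed-out pushes inside the window.
    'approved_after_burst': an approval arrived on top of such a burst.
    """
    recent = defaultdict(deque)   # user -> timestamps of recent failed pushes
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        failed = recent[user]
        # Drop failed pushes that have aged out of the sliding window.
        while failed and ts - failed[0] > window:
            failed.popleft()
        if result in ("push_denied", "push_timeout"):
            failed.append(ts)
            if len(failed) >= threshold:
                findings.setdefault(user, "burst")
        elif result == "push_approved":
            if len(failed) >= threshold:
                findings[user] = "approved_after_burst"  # likely fatigue approval
            failed.clear()
    return findings

if __name__ == "__main__":
    print(detect_push_fatigue(SAMPLE_LOG))
```

An `approved_after_burst` finding is the case that warrants revoking the resulting session and resetting the password, since the approval implies the attacker already holds valid credentials.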
Attackers have become more creative in their MFA bypass techniques, for example stealing authentication tokens from employees and replaying session tokens with completed MFA checks, allowing attackers to impersonate trusted users and move laterally across networks.
Attackers have also used social engineering tactics to convince IT departments to add new MFA-enabled devices controlled by the attackers.
The report noted instances where contractors were compromised, and their phone numbers changed to receive MFA codes on the attacker's device.
Other techniques include gaining administrative privileges on compromised endpoints to deactivate MFA software and conducting insider attacks where compromised employees approve MFA push notifications sent by attackers.
The Tycoon 2FA platform, for example, applies the attacker-in-the-middle technique, where an attacker server hosts a phishing web page, intercepts victims' inputs, and relays them to the legitimate service.
This tool now incorporates MFA prompts, capturing session cookies if users accept the request, allowing attackers to bypass MFA even if credentials have been changed.
Jasson Casey, CEO of Beyond Identity, pointed to the Verizon DBIR 2024 report, which found credential theft and phishing are the top two entry points for bad actors in web applications.
He added that it's a misconception that push notifications and challenge questions are more secure because neither requires communication through a mobile network, which exposes an additional threat vector of SIM swapping attacks.
Casey said the best way to ensure that MFA is secure and effective is to configure phishing-resistant MFA by default for application access.
Patrick Tiquet, vice president of security and architecture at Keeper Security, said employee training and education on cybersecurity best practices are crucial for protecting an organization from evolving cyber threats.
Employees must also be trained to question unexpected notifications immediately and report any suspicious activity without delay.
Tiquet recommended simulated phishing attacks and push notification exercises to help employees recognize and respond to threats.
Employing zero-trust architecture, where every request is verified regardless of its origin, and implementing the principle of least privilege are recognized best practices that further strengthen an organization's defense against most cyberattacks.


This Cyber News was published on securityboulevard.com. Publication date: Wed, 26 Jun 2024 19:13:05 +0000

