Cyberattackers Double Down on Bypassing MFA

MuzzMelbourne

As companies increasingly require stronger versions of security for their employees and customers, attackers are getting better at bypassing multifactor authentication (MFA), resulting in a steady stream of compromises, such as this week's announcement of a data leak at cybersecurity firm LastPass and the announced breach at social media service Reddit earlier in February.

While multiple ways exist to bypass the flawed security of two-factor authentication (2FA) that uses one-time passwords (OTPs) sent through short message service (SMS) texts, systems protected by push notifications or using hardware tokens are considered much harder to compromise. Yet attackers have landed on a trio of techniques to get around the additional security: MFA flooding, proxy attacks, and session hijacking — focused on the user, the network, and the browser, respectively.
 

HarborFront

Quote from above link

To defend against the latest attacks, companies should deploy phishing-resistant MFA, which consists of something you own, such as a hardware key, and something you are, such as a biometric. Common hardware key solutions, such as Yubikey, have made phishing-resistant MFA more easy to deploy, says NCC Group's LaRose.

Unquote

Going the way soonest. 😁
 

Victor M

I've had my Yubikey 5 for several years now. No problem at all.
 
