Cyberattackers Double Down on Bypassing MFA

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Content source
https://www.darkreading.com/threat-intelligence/cyberattackers-double-down-bypassing-mfa
As companies increasingly require stronger versions of security for their employees and customers, attackers are getting better at bypassing multifactor authentication (MFA), resulting in a steady stream of compromises, such as this week's announcement of a data leak at cybersecurity firm LastPass and the announced breach at social media service Reddit earlier in February.

While multiple ways exist to bypass the flawed security of two-factor authentication (2FA) that uses one-time passwords (OTPs) sent through short message service (SMS) texts, systems protected by push notifications or using hardware tokens are considered much harder to compromise. Yet attackers have landed on a trio of techniques to get around the additional security: MFA flooding, proxy attacks, and session hijacking — focused on the user, the network, and the browser, respectively.
Click to expand...
www.darkreading.com

Cyberattackers Double Down on Bypassing MFA

As companies increasingly adopt MFA, cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway.
www.darkreading.com www.darkreading.com
 
  • +Reputation
  • Like
  • Thanks
Reactions: Gandalf_The_Grey, Azure, Zero Knowledge and 5 others
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,176
Quote from above link

To defend against the latest attacks, companies should deploy phishing-resistant MFA, which consists of something you own, such as a hardware key, and something you are, such as a biometric. Common hardware key solutions, such as Yubikey, have made phishing-resistant MFA more easy to deploy, says NCC Group's LaRose.
Click to expand...

Unquote

Going the way soonest. 😁
 
Last edited:
  • Like
Reactions: MuzzMelbourne, Azure and Zero Knowledge
Victor M

Victor M

Level 16
Verified
Top Poster
Well-known
Oct 3, 2022
758
I've had my Yubikey 5 for several years now. No problem at all.
 
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Hundred Points
    • Applause
Scams & Phishing News New Rockstar 2FA phishing service targets Microsoft 365 accounts
Replies
0
Views
268
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Cisco Duo warns third-party data breach exposed SMS MFA logs
Replies
1
Views
1,823
Security News
ForgottenSeer 109138
F
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Retool blames breach on Google Authenticator MFA cloud sync feature
Replies
8
Views
2,158
News Archive
Sandbox Breaker - DFIR
Sandbox Breaker - DFIR

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top