Cyberattackers Double Down on Bypassing MFA

MuzzMelbourne

As companies increasingly require stronger versions of security for their employees and customers, attackers are getting better at bypassing multifactor authentication (MFA), resulting in a steady stream of compromises, such as this week's announcement of a data leak at cybersecurity firm LastPass and the announced breach at social media service Reddit earlier in February.

While multiple ways exist to bypass the flawed security of two-factor authentication (2FA) that uses one-time passwords (OTPs) sent through short message service (SMS) texts, systems protected by push notifications or using hardware tokens are considered much harder to compromise. Yet attackers have landed on a trio of techniques to get around the additional security: MFA flooding, proxy attacks, and session hijacking — focused on the user, the network, and the browser, respectively.
 
Quote from above link

To defend against the latest attacks, companies should deploy phishing-resistant MFA, which consists of something you own, such as a hardware key, and something you are, such as a biometric. Common hardware key solutions, such as YubiKey, have made phishing-resistant MFA easier to deploy, says NCC Group's LaRose.

Unquote

Going the way soonest. 😁
 
I've had my Yubikey 5 for several years now. No problem at all.
 
