Learn how Hackers are Bypassing MFA with Astonishing Accuracy
Understanding and preparing for how cybercriminals are bypassing Multi-Factor Authentication (MFA) is imperative for protecting your organization. The Cybersecurity & Infrastructure Security Agency (CISA) issued a warning in early 2021 that cybercriminals are using the cloud to bypass MFA. Threat actors are abusing the trust in authenticated services that many organizations rely on heavily for protection. Yet, according to a recent Osterman study, 74% of security professionals from mid to large-sized organizations believe MFA is the most effective mitigation against credential stealing.
There are multitudes of techniques hackers are using to bypassing MFA. Understanding and preparing for how these silent but dangerous attacks are hacking into human vulnerabilities will help your organization develop a plan to assess your vulnerabilities, train your people, use the right tools to protect and respond to these types of threats.
These attacks are challenging organizations by using the cloud, AI, and behavioral targeting to increasing success. Targeting users through compromised cloud infrastructure, rogue software, man-in-the-middle attacks, fake 2FA requests, and security warnings increase the likelihood that people will fall for these attacks and ultimately lead to a breach.
MFA is still one of the most effective mitigations against credential stealing because it increases the difficulty of leveraging compromised credentials to breach an organization. Yet MFA is not foolproof. Cybercriminals are compromising MFA in several ways, including:
- Capturing login activity using fake-destination login sites
- Gathering MFA credentials delivered via email that have already been compromised
- Malicious Browser Extensions that hijack already authenticated sessions to log in to online services or web apps
- Phishing to Fake Login Authentication Sites asking for credentials and MFA authentication
- Exploiting Forwarding Rules to gain authentication with previously compromised credentials
- Browser canvas takeovers with scripts to capture and immediately act on an MFA entry to gain access
To learn more about these attacks and others bypassing MFA, watch the latest episode of SlashNext’s Phish Stories with SlashNext’s founder and cybersecurity expert, Atif Mushtaq, and SlashNext CEO Patrick Harr. Available on-demand at /phish-stories-webinar-series/