All IDCA News

By Loading

2 Nov 2022

Share on social media:

Attackers Are Bypassing Multi-Factor Authentication in Cyberspace

In the last few months, high-profile data breaches have put personal information at risk. These security breaches typically require hackers to guess or brute force a username and password.

In response to these challenges, some businesses and websites use two-factor authentication to protect their accounts.

This authentication requires users to input something they know (username and password) and something they have - such as an access code sent via text message.

Although this adds another layer of protection; however, hackers can bypass this requirement by gaining control. Once in control, they can redirect any incoming messages from the account holder's service provider to themselves and use them as part of the two-factor authentication process.

In September, attackers attempted to log in to Uber with the credentials they acquired on the dark web. Although they were repeatedly blocked by multi-factor authentication, eventually, they managed to successfully get into the Uber contractor's account and wreak havoc.

In addition, they had access to various company tools, such as Google suite and Slack. More embarrassing, in August, attackers could compromise Twilio's widely-used MFA service.

They did so by tricking many employees of Twilio into sharing their credentials and MFA authorizations. As a result, dozens of Twilio customers were compromised, including Okta and Signal.

On top of undermining the security of online services and tricking employees into approving illicit access requests, cyber attackers have also taken to circumvent multi-factor authentication, according to a report published this summer by Microsoft's Threat Intelligence Center.

The research showed that adversaries attacked more than 10,000 organizations in this way in the last year. They managed this by tricking users into accessing the organization's network, then quickly leveraging it to harm.

"The most successful MFA cyber-attacks are based in social engineering, with all types of phishing being the most commonly used," "These attacks, when carried out properly, have a fairly high probability of success to the unsuspecting user." So said Walt Greene, founder, and CEO of consulting firm QDEx Labs.

In an age without passwords, new security methods must be put into effect by cybersecurity managers to create safe data center environments. However, until this becomes possible, cybersecurity measures to increase password security must be taken to ensure safe security environments.

In addition, data centers should understand how to use multi-factor authentication to secure data center operations and support their MFA efforts with business units or other customers.

Also, Read Bridge Data Centres are Expanding to Thailand

Follow us on social media: