Security Alert: Attacks That Bypass MFA

As you know, Multi-factor Authentication (MFA) is a prime defensive weapon used by organizations to guard against hackers. The FBI is warning businesses of increasing attacks that use tactics capable of bypassing MFA.

Tactics used by criminals to bypass MFA

  • SIM Swapping – using social engineering, an attacker convinces a cell phone carrier to switch a victim’s phone number to a new device owned by the hacker. Any SMS one-time codes are then delivered to the attacker, who uses them to access the victim’s bank accounts, credit card numbers, etc.
  • Man-in-the-middle Attacks – a hacker intercepts the conversation between two parties, gains access to the information they are sharing, and steals login credentials, personal information, etc.
  • Using Muraena and NecroBrowser – the two tools work together to intercept traffic between a user and a website and capture both the login credentials and the one-time token code. NecroBrowser then stores the information and hijacks the session cookie, giving hackers access to private accounts.
  • Fake Text Messages – criminals send a text message impersonating the victim’s financial institution and asking them to click an embedded link that leads to a fake website. Once on the fake website, the victim gives up his or her login information, etc.
  • Flawed Legitimate Websites – using stolen login credentials, attackers may be able to enter manipulated strings into a flawed website that requires MFA and, in effect, trick the legitimate site into authenticating the user.

Don’t give up on Multi-factor Authentication

MFA is still one of the most effective ways to thwart cyber-criminals and should be used whenever available. However, it is important to note that hackers do have ways around it, so taking precautions matters. A layered security approach is best:

  • Make sure ALL devices have anti-virus and anti-malware protection.
  • NEVER click on links in unexpected emails or texts.
  • Only visit legitimate websites and be very cautious about clicking on links.
  • Don’t access websites from links in emails or texts, and NEVER enter login credentials or confidential information unless you are sure the site is legitimate and secure and you typed its URL directly into your browser.
  • Do not click on shortened links anywhere unless you’ve checked them out first with a URL Expander and you’re sure they are legitimate.
  • NEVER open attachments in unexpected emails.
  • Always back up your data using a Hybrid-cloud Business Continuity Solution.
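One way to do that shortened-link check yourself, as an added example that is not part of the original post: the script below resolves each redirect hop with a HEAD request and deliberately refuses to auto-follow, so the whole chain (and any cross-domain or non-HTTPS hop) is visible before a browser ever reaches the destination. The function names, the hop limit, and the sample hostnames in the offline fixture are all assumptions made for this example.

```python
"""Expand a shortened link without visiting the final page (added example)."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # assumption: more hops than this is itself suspicious


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib hand back the 3xx instead of following it.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url):
    """Real fetcher: return (status, Location header or None) for one URL."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx surfaces here once auto-follow is off
        return err.code, err.headers.get("Location")


def expand(url, fetch=http_head):
    """Return (chain, warnings). `fetch` is injectable so the logic runs offline."""
    chain, warnings, seen = [url], [], {url}
    for _ in range(MAX_HOPS):
        status, location = fetch(chain[-1])
        if not (300 <= status < 400 and location):
            return chain, warnings          # final destination (or an error) reached
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if urlsplit(nxt).hostname != urlsplit(chain[-1]).hostname:
            warnings.append(f"cross-domain hop to {urlsplit(nxt).hostname}")
        if urlsplit(nxt).scheme != "https":
            warnings.append(f"non-HTTPS hop: {nxt}")
        if nxt in seen:
            warnings.append("redirect loop")
            return chain, warnings
        seen.add(nxt)
        chain.append(nxt)
    warnings.append(f"gave up after {MAX_HOPS} hops")
    return chain, warnings


# Constructed offline fixture: a shortener bouncing through a tracker to a plain-HTTP login page.
SAMPLE_HOPS = {
    "https://short.example/abc": (301, "https://tracker.example/go?x=1"),
    "https://tracker.example/go?x=1": (302, "/landing"),
    "https://tracker.example/landing": (307, "http://login-bank.example/"),
    "http://login-bank.example/": (200, None),
}

if __name__ == "__main__":
    chain, warnings = expand("https://short.example/abc", fetch=lambda u: SAMPLE_HOPS[u])
    print(" -> ".join(chain))
    print("\n".join(warnings) or "no warnings")
```

Run it against a real link with `expand("https://<short link>")` to use the network fetcher; some shortening services answer HEAD differently from GET, so treat the chain as a hint and still avoid the destination if anything looks off.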

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions, whose systems protect 460+ Petabytes of data with 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause. Backup & Disaster Recovery | Business Continuity | Data Risk Assessment