Contact us today!
(954) 575-3992
facebook linkedin Business Solutions & Software Group RSS Feed

Michael DeMarco

Business Solutions & Software Group has been serving the Coral Springs area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Hackers Are Finding Holes in Multi-Factor Authentication

Hackers Are Finding Holes in Multi-Factor Authentication

We know we hype up multi-factor authentication, or MFA, quite a bit on this blog, and for good reason. When implemented correctly, it can be an effective deterrent for many cyberthreats out there. However, as they often do, hackers have found ways around MFA. Let’s take a look at how hackers find ways around MFA protection.

Why is MFA So Effective?

By far the most common way hackers gain access to accounts is through phishing schemes in which they convince users to willingly hand over information like passwords and usernames. Other times hackers might just guess some of the commonly used weak passwords and get lucky. In either case, using the secondary credential offered by MFA means that there is an additional level of security, effectively preventing hackers from accessing accounts.

Or so we thought.

What’s Happening with Hackers and MFA?

Recent attacks detailed by Microsoft have shown that it is indeed possible for hackers to bypass multi-factor authentication protocols put into place by businesses. Note the word used—bypass—rather than breaking into. Hackers aren’t actually breaking through MFA; all they are doing is finding alternative ways around it.

It’s like taking a walk down a forest path only to find that a tree has fallen, blocking your way. Sure, you could waste half the day chopping away at it with an ax… or you could walk around it.

The most popular way of bypassing MFA is through the use of adversary-in-the-middle attacks in which the hacker uses a phishing attack in conjunction with a proxy server between the victim and the service they are logging into. The hacker is able to steal the password as well as the session cookie. The user gains access to their account with no reason to suspect they have been hacked, but they have in reality given piggybacked access to their account to the hacker.

Other Methods Used by Hackers to Work Around MFA

Of course, hackers can also use other methods to bypass multi-factor authentication, if they are willing to work hard enough. If the system uses SMS messages or email codes, and they have been able to convince the user to hand over these in addition to the other login methods, then they can effectively gain access to the account in the same way as if that secondary credential didn’t even exist.

Other methods hackers can use to bypass MFA include using trojans to spy on users or to take over devices used to authenticate a system. Ultimately, if the account’s login portal depends on something that the user knows, like a code, then it can inevitably be exploited by crafty criminals.

What’s the Best Approach?

We are of the mind that the best defense against hacking attacks is to educate people on how they work in tandem with appropriate security solutions. In this case, we certainly don’t recommend against implementing multi-factor authentication; in fact, we encourage it. However, you’ll only get so far with your technology solutions if you don’t take the time to teach your employees why they are important.

We can help you implement the best enterprise-grade security solutions on the market, and coupled with comprehensive training and testing, your team will be prepared to handle just about any phishing attacks leveraged against them. To learn more about how we can help your business, contact us at (954) 575-3992.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 21 November 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Latest News

Our Site Has Launched!

flag

Welcome to Our New Site!
We are proud to announce the unveiling of our new website at Business Solutions & Software Group!

Read more...

Contact Us

Learn more about what Business Solutions & Software Group can do for your business.

callphone

Call us today    (954) 575-3992

10211 W Sample Road
Suite 114
Coral Springs, Florida 33065

facebook linkedin #