Prepare Your Organization for MFA Compromise

Post published:April 17, 2021
Post category:Phishing / Remote Working / Social Engineering

Prepare Your Organization for MFA Compromise

Learn how Hackers are Bypassing MFA with Astonishing Accuracy

Understanding and preparing for how cybercriminals are bypassing Multi-Factor Authentication (MFA) is imperative for protecting your organization. The Cybersecurity & Infrastructure Security Agency (CISA) issued a warning in early 2021 that cybercriminals are using the cloud to bypass MFA. Threat actors are abusing the trust in authenticated services that many organizations rely on heavily for protection. Yet, according to a recent Osterman study, 74% of security professionals from mid to large-sized organizations believe MFA is the most effective mitigation against credential stealing.

There are multitudes of techniques hackers are using to bypassing MFA. Understanding and preparing for how these silent but dangerous attacks are hacking into human vulnerabilities will help your organization develop a plan to assess your vulnerabilities, train your people, use the right tools to protect and respond to these types of threats.

These attacks are challenging organizations by using the cloud, AI, and behavioral targeting to increasing success. Targeting users through compromised cloud infrastructure, rogue software, man-in-the-middle attacks, fake 2FA requests, and security warnings increase the likelihood that people will fall for these attacks and ultimately lead to a breach.

MFA is still one of the most effective mitigations against credential stealing because it increases the difficulty of leveraging compromised credentials to breach an organization. Yet MFA is not foolproof. Cybercriminals are compromising MFA in several ways, including:

Capturing login activity using fake-destination login sites
Gathering MFA credentials delivered via email that have already been compromised
Malicious Browser Extensions that hijack already authenticated sessions to log in to online services or web apps
Phishing to Fake Login Authentication Sites asking for credentials and MFA authentication
Exploiting Forwarding Rules to gain authentication with previously compromised credentials
Browser canvas takeovers with scripts to capture and immediately act on an MFA entry to gain access

To learn more about these attacks and others bypassing MFA, watch the latest episode of SlashNext’s Phish Stories with SlashNext’s founder and cybersecurity expert, Atif Mushtaq, and SlashNext CEO Patrick Harr. Available on-demand at /phish-stories-webinar-series/

It’s Time to Get Started with SlashNext

Experience the difference with broad phishing threat coverage and automated delivery.

The State of Phishing 2023

It’s Time to Get Started with SlashNext

Get a Customized Risk Assessment

Get a Customized Risk Assessment

Request a Meeting or Demo

Prepare Your Organization for MFA Compromise

Blog Subscription

Recent Blogs

Think Security Training Will Save You From Phishing Attacks? Think Again!

Threat Actors are Exercising New Attack Techniques to Bypass Machine Learning Security Controls

Categories

It’s Time to Get Started with SlashNext

MAY 6-9

Meet SlashNext
at RSAC 2024

The State of Phishing 2023

It’s Time to Get Started with SlashNext

Get a Customized Risk Assessment

Get a Customized Risk Assessment

Request a Meeting or Demo

Think Security Training Will Save You From Phishing Attacks? Think Again!

Evolving Cyber Threats: Insights and Strategies from the 2023 FBI IC3 Report

Threat Actors are Exercising New Attack Techniques to Bypass Machine Learning Security Controls

It’s Time to Get Started with SlashNext

MAY 6-9

Meet SlashNext at RSAC 2024

Meet SlashNext
at RSAC 2024