
4 ways hackers bypass the MFA through social engineering

Hackers use various social engineering methods to bypass MFA certification and steal data.


One recommendation that stands out for securing access is the use of multi-factor authentication (MFA). While passwords are an easy target for hackers, MFA provides an essential layer of protection against breaches. However, it is important to remember that MFA is not impenetrable. It can be circumvented, and often is.

When a password is leaked, there are several options available to hackers who wish to bypass the additional protection of multi-factor authentication (MFA). We will explore four social engineering tactics that hackers successfully use to breach MFA and emphasize the importance of having a strong password as part of the defense.

1. Adversary-in-the-middle (AITM) attacks

AITM attacks involve deceiving users about the authenticity of a network, application or website: what looks authentic is in reality a fraudulent copy that delivers the user's information to the attacker. This allows hackers to intercept passwords and spoof security measures, including multi-factor authentication prompts. For example, a spear-phishing email can reach an employee's inbox, presenting itself as coming from a reliable source. Clicking the embedded link directs them to a fake website where hackers collect their login credentials.

2. MFA prompt bombing

This social engineering tactic exploits the push-notification feature of modern authentication apps: hackers send repeated multi-factor authentication (MFA) prompts to the legitimate user's device. They rely either on the user being misled into thinking the prompt is genuine and accepting it, or on the user tiring of the repeated prompts and accepting one to stop the notifications. This technique, known as MFA prompt bombing, is a serious threat.
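The pattern above, a burst of push prompts that the user mostly denies or ignores until one is finally approved, is visible in authentication logs. The following detection logic is an added example, not code from the original article or any product it mentions; the log format, field names and thresholds are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, push-prompt result); format assumed.
# An attacker holding the password triggers repeated pushes; the user denies or
# ignores most, then approves one to make them stop (the "fatigue" case).
SAMPLE_LOG = """\
2024-03-01T02:14:05Z alice push.denied
2024-03-01T02:14:41Z alice push.timeout
2024-03-01T02:15:10Z alice push.denied
2024-03-01T02:15:52Z alice push.denied
2024-03-01T02:16:30Z alice push.timeout
2024-03-01T02:17:02Z alice push.approved
2024-03-01T09:00:00Z bob push.approved
2024-03-01T09:30:00Z bob push.denied
2024-03-01T09:31:00Z bob push.approved
"""

def parse_log(text):
    """Parse one event per line into (datetime, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return events

def detect_prompt_bombing(events, window=timedelta(minutes=10), min_prompts=4):
    """Flag users who received >= min_prompts push prompts inside `window`.
    Reports how many were not approved and whether the burst ended with an
    approval, which suggests the user gave in and the bypass succeeded."""
    by_user = defaultdict(list)
    for ts, user, result in sorted(events):
        by_user[user].append((ts, result))
    findings = {}
    for user, prompts in by_user.items():
        start = 0
        for end in range(len(prompts)):
            # Slide the window start forward until the burst fits in `window`.
            while prompts[end][0] - prompts[start][0] > window:
                start += 1
            burst = prompts[start:end + 1]
            if len(burst) >= min_prompts:
                findings[user] = {  # keeps the latest qualifying burst
                    "prompts": len(burst),
                    "not_approved": sum(r != "push.approved" for _, r in burst),
                    "approved_after_burst": burst[-1][1] == "push.approved",
                }
    return findings
```

Normal usage (bob: a few prompts spread over half an hour) is not flagged, while alice's six prompts in three minutes ending in an approval are.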


3. Service desk attacks

Attackers target help desks to bypass two-factor authentication by claiming to have forgotten their password and gaining access via phone calls. If service desk agents fail to enforce proper verification procedures, they may unwittingly grant hackers initial entry into the environment. A recent example was the attack on MGM Resorts, where the hacker group Scattered Spider tricked the service desk into resetting a password, giving them a foothold to log in and carry out a ransomware attack. Through this social engineering technique, hackers attempt to exploit recovery settings and backup procedures by manipulating service desks into bypassing MFA.


4. SIM swapping

Cybercriminals are aware that MFA often relies on mobile phones as an authentication factor. They can exploit this with a technique called "SIM swapping", where hackers trick service providers into transferring a target's phone service to a SIM card under their control. They thus effectively take over the target's phone number, allowing them to intercept multi-factor authentication prompts sent to it and gain unauthorized access to the target's accounts.


How can one recognise and deal with social engineering?

Social engineering is a tactic used by attackers to exploit human psychology and bypass security systems. It can include deception, illusion, pressure and other tactics.

To recognise an attempt at social engineering, it is important to be aware of the different forms it can take. These include email fraud, misinformation, man-in-the-middle attacks, misrepresentation and other tactics.

Education and awareness-raising are vital to tackle social engineering. Learn to recognise the signs of a social engineering attack such as unexpected or suspicious communications, sudden changes in the behaviour of your colleagues or contacts, or a feeling that something is not right.

It is also important to use security technologies to protect yourself and your organisation from social engineering. This may include using firewalls, antivirus software, intrusion detection systems and other security tools.

Finally, it is important to have a clear and flexible response plan in case you fall victim to social engineering. This may include reporting the attack to the relevant authorities, changing passwords and contacting security experts.

Source: thehackernews

Absenta Mia, https://secnews.gr
