Are You Having A Technology Emergency?

Martech Business Solutions Blog

Martech Business Solutions has been serving the Michigan area since 1988, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Hackers Are Finding Holes in Multi-Factor Authentication

Hackers Are Finding Holes in Multi-Factor Authentication

We know we hype up multi-factor authentication, or MFA, quite a bit on this blog, and for good reason. When implemented correctly, it can be an effective deterrent for many cyberthreats out there. However, as they often do, hackers have found ways around MFA. Let’s take a look at how hackers find ways around MFA protection.

Why is MFA So Effective?

By far the most common way hackers gain access to accounts is through phishing schemes in which they convince users to willingly hand over information like passwords and usernames. Other times hackers might just guess some of the commonly used weak passwords and get lucky. In either case, using the secondary credential offered by MFA means that there is an additional level of security, effectively preventing hackers from accessing accounts.

Or so we thought.

What’s Happening with Hackers and MFA?

Recent attacks detailed by Microsoft have shown that it is indeed possible for hackers to bypass multi-factor authentication protocols put into place by businesses. Note the word used—bypass—rather than breaking into. Hackers aren’t actually breaking through MFA; all they are doing is finding alternative ways around it.

It’s like taking a walk down a forest path only to find that a tree has fallen, blocking your way. Sure, you could waste half the day chopping away at it with an ax… or you could walk around it.

The most popular way of bypassing MFA is through the use of adversary-in-the-middle attacks in which the hacker uses a phishing attack in conjunction with a proxy server between the victim and the service they are logging into. The hacker is able to steal the password as well as the session cookie. The user gains access to their account with no reason to suspect they have been hacked, but they have in reality given piggybacked access to their account to the hacker.

Other Methods Used by Hackers to Work Around MFA

Of course, hackers can also use other methods to bypass multi-factor authentication, if they are willing to work hard enough. If the system uses SMS messages or email codes, and they have been able to convince the user to hand over these in addition to the other login methods, then they can effectively gain access to the account in the same way as if that secondary credential didn’t even exist.

Other methods hackers can use to bypass MFA include using trojans to spy on users or to take over devices used to authenticate a system. Ultimately, if the account’s login portal depends on something that the user knows, like a code, then it can inevitably be exploited by crafty criminals.

What’s the Best Approach?

We are of the mind that the best defense against hacking attacks is to educate people on how they work in tandem with appropriate security solutions. In this case, we certainly don’t recommend against implementing multi-factor authentication; in fact, we encourage it. However, you’ll only get so far with your technology solutions if you don’t take the time to teach your employees why they are important.

We can help you implement the best enterprise-grade security solutions on the market, and coupled with comprehensive training and testing, your team will be prepared to handle just about any phishing attacks leveraged against them. To learn more about how we can help your business, contact us at (248) 844-8250.

USB Drives are Too Big of a Risk for Your Business...
Tip of the Week: How to Turn Off the Focused Inbox
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, 04 December 2022

Captcha Image

Contact Us

Learn more about what Martech Business Solutions can do for your business.

Call Us Today
Call us today
(248) 844-8250

30233 Dequindre Rd
Suite B

Madison Heights, Michigan 48071

Latest Blog

Mobile malware isn’t as common as it is on desktops or laptops, but it does still exist. In fact, recently Google had to remove quite a few applications from the Google Play Store because they were infecting smartphones with malware and adw...
TOP