One of the biggest problems with MFA has been the claim - floated by Microsoft in 2018, repeated by “industry titans,” and regularly cited by security researchers as a cautionary tale - that multi-factor authentication can block 99.9 percent of account compromise attacks.
Although MFA significantly improves security in most cases, it is not infallible: Grimes estimates that it can stop 30 percent to 50 percent of such attacks, but says the 99 percent figure “is not true and never will be.”
That said, phishing-resistant MFA “is a great thing [that] stops a huge percentage of attacks… but if you’re not aware that your MFA solution can be easily hacked, you’re more likely to fall for being hacked.”
Multi-factor authentication (MFA), which has become near ubiquitous as a way of thwarting credential-stuffing cybercriminals, was supposed to be the surefire thing that would protect companies and their employees from compromise.
The success of MFA fatigue attacks is yet another reminder of just how well human engineering continues to find ways around the well-regarded security technology - not by breaking the technology, but by learning how it works so well that attackers can manipulate it to run rings around legitimate users.
That manipulation has produced several rather effective forms of MFA compromise - for example, MFA Interception, in which attackers compromise email accounts, smartphones, or other channels to intercept one-off MFA authentication codes.
Other attackers have developed ways to steal authentication tokens after they are granted - allowing them to spoof an authenticated user in a technique that exploits efforts to remove systems’ dependence on passwords.
All things considered, MFA is stronger than single-factor authentication - or at least that’s the theory, Roger Grimes, data-driven defense evangelist with KnowBe4, told Cybercrime Magazine.
Sponsored by KnowBe4: knowbe4.com
Hacking MFA with Roger Grimes. Sponsored by KnowBe4.