BSGTech Blog

BSGTech has been serving the Chicagoland area since 2009, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Hackers Are Finding Holes in Multi-Factor Authentication

Hackers Are Finding Holes in Multi-Factor Authentication

We know we hype up multi-factor authentication, or MFA, quite a bit on this blog, and for good reason. When implemented correctly, it can be an effective deterrent for many cyberthreats out there. However, as they often do, hackers have found ways around MFA. Let’s take a look at how hackers find ways around MFA protection.

Why is MFA So Effective?

By far the most common way hackers gain access to accounts is through phishing schemes in which they convince users to willingly hand over information like passwords and usernames. Other times hackers might just guess some of the commonly used weak passwords and get lucky. In either case, using the secondary credential offered by MFA means that there is an additional level of security, effectively preventing hackers from accessing accounts.

Or so we thought.

What’s Happening with Hackers and MFA?

Recent attacks detailed by Microsoft have shown that it is indeed possible for hackers to bypass multi-factor authentication protocols put into place by businesses. Note the word used—bypass—rather than breaking into. Hackers aren’t actually breaking through MFA; all they are doing is finding alternative ways around it.

It’s like taking a walk down a forest path only to find that a tree has fallen, blocking your way. Sure, you could waste half the day chopping away at it with an ax… or you could walk around it.

The most popular way of bypassing MFA is through the use of adversary-in-the-middle attacks in which the hacker uses a phishing attack in conjunction with a proxy server between the victim and the service they are logging into. The hacker is able to steal the password as well as the session cookie. The user gains access to their account with no reason to suspect they have been hacked, but they have in reality given piggybacked access to their account to the hacker.

Other Methods Used by Hackers to Work Around MFA

Of course, hackers can also use other methods to bypass multi-factor authentication, if they are willing to work hard enough. If the system uses SMS messages or email codes, and they have been able to convince the user to hand over these in addition to the other login methods, then they can effectively gain access to the account in the same way as if that secondary credential didn’t even exist.

Other methods hackers can use to bypass MFA include using trojans to spy on users or to take over devices used to authenticate a system. Ultimately, if the account’s login portal depends on something that the user knows, like a code, then it can inevitably be exploited by crafty criminals.

What’s the Best Approach?

We are of the mind that the best defense against hacking attacks is to educate people on how they work in tandem with appropriate security solutions. In this case, we certainly don’t recommend against implementing multi-factor authentication; in fact, we encourage it. However, you’ll only get so far with your technology solutions if you don’t take the time to teach your employees why they are important.

We can help you implement the best enterprise-grade security solutions on the market, and coupled with comprehensive training and testing, your team will be prepared to handle just about any phishing attacks leveraged against them. To learn more about how we can help your business, contact us at (866) 546-1004.

USB Drives are Too Big of a Risk for Your Business...
Tip of the Week: How to Turn Off the Focused Inbox
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Saturday, 21 December 2024

Captcha Image

Mobile? Grab this Article

QR Code

Customer Login


News & Updates

BSGtech (formerly Business Solutions Group) is proud to announce the launch of our new website at www.bsgtech.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more infor...

Contact us

Learn more about what BSGtech can do for your business.

BSGtech
800 E. Business Center Dr.
Mt. Prospect, Illinois 60056

123 W Madison Street, Suite 1700
Chicago, Illinois 60602