Wednesday, January 27, 16:58

Caution: Even MFA can be "hacked"!

According to one security expert, Multi-Factor Authentication (MFA) is a good way to protect your electronic accounts, but that does not mean users should not take the necessary protective measures. MFA is generally stronger than simple protection based on a single password, since users have to provide two or more different items to prove their identity. Roger Grimes, who works on data protection and security at KnowBe4, said in a recent ITWC webinar that users should not trust anyone who claims they cannot be the victim of hacking attacks, as most people are scared to see how easy it is to do so. Grimes also pointed out that businesses must train their employees to detect potential hacker scams, even if they use MFA.

How do hackers get through the MFA?

Social engineering is responsible for 70-90% of data breaches, and that does not change with MFA, Grimes said. One of the most common attacks is called "network hijacking". In this case, hackers use phishing emails to deceive users, prompting them to sign in to a fake website, and then steal their credentials and the session to access their accounts. Another popular attack uses phishing emails to gain access to users' systems and inject a virus into them. "If the computer has been hacked, the game is over, as hackers will be able to do exactly what users are doing," Grimes said. Last year, a group of hackers stole $100 million in this way.

MFA methods that send verification codes to mobile phones via SMS are also vulnerable. For example, in the "SIM swap" scam, hackers obtain login information via a phishing email or call and then steal SIM card information. This allows them to receive the SMS verification codes set up by the users and to reset the password of their account. Grimes warned that this happens thousands of times a day. He then stressed that account recovery questions (e.g. a parent's name) are one of the worst forms of authentication and should be removed, as their answers are usually predictable or, at a rate of 20%, can be found in the personal information that users post on social media. The biometrics used for authentication are also a common target for hackers, given that users' fingerprints are everywhere, and if they are stolen, users will fear being attacked for a lifetime.

How can you protect yourself against MFA attacks?

First, businesses should include the issue of MFA attacks in employee security training. Employees need to learn how to detect suspicious links and check whether a URL is legitimate. Although it may be difficult, users should try to avoid SMS-based applications. If they use them, they should minimize the places where the phone number they use for account recovery is publicly posted. Users should never trust someone who calls unexpectedly or sends a verification request via SMS. They should also be suspicious if they are asked to send an SMS with a PIN code in response to a specific SMS. Normally, the password is entered on a website. Also, when asked questions about sensitive and confidential information, users should not tell the truth to anyone. Instead, they should deliberately enter wrong answers and record them or save them in a password manager. Finally, Grimes warns that people need to understand that anything can be "hacked" and that they need to rely more on logic than on multi-factor authentication.
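As an added example (not from the article or from Grimes' webinar), the URL check recommended above can be automated for sign-in links: the host must match an allowlist exactly, and the usual lookalike tricks are reported. The allowlisted hosts and the sample URLs in the comments are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this organisation uses for sign-in.
TRUSTED_LOGIN_HOSTS = {"login.example.com", "sso.example.com"}


def check_login_url(url, trusted=TRUSTED_LOGIN_HOSTS):
    """Return the reasons a sign-in URL should not be trusted (empty list = OK)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["unparseable URL"]

    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None or parts.password is not None:
        # https://login.example.com@attacker.test/ connects to attacker.test;
        # the text before '@' is only a user name.
        reasons.append("userinfo before host")
    if not host.isascii():
        # e.g. a Cyrillic letter standing in for a Latin one
        reasons.append("non-ASCII host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible lookalike)")
    if host not in trusted:
        # Exact match only: a trusted name used as a prefix or subdomain of
        # another domain (login.example.com.verify.test) is still foreign.
        for name in sorted(trusted):
            if name in host:
                reasons.append(f"trusted name {name} embedded in foreign host")
        reasons.append("host not in allowlist")
    return reasons


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://login.example.com/auth?next=/mail",
        "https://login.example.com@attacker.test/auth",
        "https://login.example.com.verify.test/auth",
        "https://xn--lgin-55d.example.com/auth",
    ]
    for s in samples:
        print(s, "->", check_login_url(s) or "OK")
```

An exact host match is deliberately stricter than a "contains the company name" test, which the second and third sample links would pass.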

