What MFA attacks look like and how to keep your company safe

By Content Team

It is important to remember that protecting corporate data and systems is essential for business continuity and maintaining customer trust. Multifactor authentication is an important security measure but should not be considered a definitive solution.

 

Multi-factor Authentication (MFA) Overview

Multi-factor authentication (MFA) is an authentication process in which access is granted based on more than one factor or piece of evidence. MFA is a security measure aimed at protecting corporate systems and data from intrusions, as traditional login and password authentication has vulnerabilities. However, multifactor authentication is not a foolproof solution, and criminals are always seeking new ways to bypass it.

Identity management is one of the significant challenges in information security. The initial success of multifactor authentication was in blocking various intrusion techniques. Even today, less sophisticated attacks are still thwarted by the mere existence of a second factor of authentication. On the other hand, authentication mechanisms once considered robust, such as SMS delivery, are no longer sufficient to protect accounts.

Phishing has been reinvented to work against MFA, and criminals have developed new categories of malware dedicated to stealing authorized sessions and exploiting vulnerabilities in authentication implementations. In 2022, two MFA solution providers were breached, compromising the security of protected accounts, and vulnerabilities were exposed in telecommunication networks that deliver one-time-use codes.

To help mitigate MFA vulnerabilities and prevent intrusions that can lead to ransomware, data leaks, and financial losses for the company, monitoring for leaked credentials is a useful additional measure. It gives an organization the means to detect leaks and block unauthorized access, and it extends to the email accounts used as recovery mechanisms in MFA systems.

Monitoring also does not depend on visibility into user practices, which avoids various pitfalls. Furthermore, access to leaked data is a straightforward way to make authentication more reliable: it requires no changes to the existing authentication process and is easy to integrate into the ecosystem.
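The following sketch shows how such monitoring can sit beside the login flow rather than inside it. It is an added example, not Axur's code or API; the directory layout, the feed format, and the action names are all assumptions, and the data is constructed.

```python
import hashlib
import hmac

def kdf(password: str, salt: bytes) -> bytes:
    """Password hash as the identity store might keep it (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed directory: corporate login, MFA recovery mailbox, stored hash.
DIRECTORY = {
    "alice": {"email": "alice@corp.example", "recovery": "alice.home@mail.example",
              "salt": b"salt-a", "hash": kdf("Winter2022!", b"salt-a")},
    "bob": {"email": "bob@corp.example", "recovery": "bob.private@mail.example",
            "salt": b"salt-b", "hash": kdf("correct horse", b"salt-b")},
    "carol": {"email": "carol@corp.example", "recovery": "carol.alt@mail.example",
              "salt": b"salt-c", "hash": kdf("t0ps3cret", b"salt-c")},
}

# Constructed records, shaped as a leak feed might deliver them: (login, password).
LEAK_FEED = [
    ("alice@corp.example", "Winter2022!"),      # corporate login, password still valid
    ("bob@corp.example", "old-password-2019"),  # corporate login, stale password
    ("carol.alt@mail.example", "hunter2"),      # recovery mailbox of a corporate user
    ("mallory@other.example", "irrelevant"),    # not one of ours
]

def triage(directory, feed):
    """Map each leaked record to a response without touching the login flow."""
    owners = {}
    for name, user in directory.items():
        owners[user["email"]] = (name, "primary")
        owners[user["recovery"]] = (name, "recovery")
    actions = {}
    for login, leaked_pw in feed:
        hit = owners.get(login.lower())
        if hit is None:
            continue  # leak does not concern this organization
        name, kind = hit
        user = directory[name]
        if kind == "recovery":
            # The recovery channel is exposed even if the corporate password is not.
            actions[name] = "review-recovery-channel"
        elif hmac.compare_digest(kdf(leaked_pw, user["salt"]), user["hash"]):
            actions[name] = "force-reset-and-revoke-sessions"
        else:
            actions[name] = "notify-user"
    return actions
```

Only the first case means the leaked password still opens the account; the recovery-mailbox hit is kept as a separate action because it affects the MFA reset path rather than the login itself.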

 

MSSPs Enhancing Security for Clients Beyond MFA

Managed Security Service Providers (MSSPs) play a key role in safeguarding their customers by providing an additional layer of security in case preventive measures like Multi-Factor Authentication (MFA) fail. While MFA is an essential security measure for protecting against unauthorized access, it is not foolproof. Platforms like Axur's enable MSSPs to monitor credential leaks and other vulnerabilities, offering proactive monitoring and swift response to potential breaches. This additional layer of protection helps ensure business continuity and maintains customer trust by addressing security gaps that MFA alone may not cover.

 

Multi-factor Authentication: Limitations and Risks in Implementation

Password authentication is vulnerable to various types of attacks, such as theft, guessing, and password reuse by the user. Among these attacks, one of the simplest is phishing, which can be carried out by sending the user a fake email that asks them to disclose their password.

MFA adds extra steps to authentication, making it more complex and theoretically more secure. However, there are limitations and risks in implementing MFA that need to be considered.

One limitation is that MFA is not effective against malware threats. Although much malicious code is written to steal credentials, MFA does not protect against what that malware does. When malware operates directly on the user's endpoint, the attacker can take advantage of an ongoing authenticated session.

Another limitation is that MFA does not reinforce the authorization mechanism itself. In many simpler implementations of MFA, the authorization is identical to that of a single-factor account, making it vulnerable to attacks.

Additionally, MFA may require a new account recovery process, which moves the weakest link from the credential to the recovery process. Even a correctly implemented account recovery does not eliminate attacks against this process. Finally, the additional factors of MFA can themselves be targets of specific attacks. Because passwords are an old and common target, existing attacks against the other factors often go unnoticed.

Considering all these limitations and risks, it is important to have a proper understanding of the attack surface and the role MFA should play. Poorly planned implementations can leave user accounts vulnerable to attacks.
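The point above about authorization being identical to that of a single-factor account can be made concrete with a session token that records which factors were verified and for which client. This is an added example, not code from the article or from any product; the claim names (`amr` is borrowed from the OpenID Connect claim of that name), the client-context string, and the action names are assumptions.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"   # hypothetical; real keys live in a secret store
SENSITIVE = {"change-recovery-email", "disable-mfa"}   # hypothetical action names
MAX_AGE = 900                          # seconds a second factor counts as fresh

def _sign(body: bytes) -> bytes:
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()

def _ctx_hash(client_ctx: str) -> str:
    return hashlib.sha256(client_ctx.encode()).hexdigest()

def issue_session(user, factors, client_ctx, now):
    """Issue a token that states which factors were verified, when, and where."""
    claims = {"sub": user, "amr": sorted(factors), "iat": now,
              "ctx": _ctx_hash(client_ctx)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body).decode()

def authorize(token, client_ctx, action, now):
    """Return 'allow', 'step-up' or 'deny' for a request carrying the token."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(_sign(body.encode()), sig.encode()):
        return "deny"      # forged or altered token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["ctx"] != _ctx_hash(client_ctx):
        return "deny"      # token presented from a client it was not issued to
    if action in SENSITIVE:
        fresh = now - claims["iat"] <= MAX_AGE
        if "otp" not in claims["amr"] or not fresh:
            return "step-up"   # ask for a second factor again before proceeding
    return "allow"
```

The context check only covers a token copied off the endpoint and replayed elsewhere; it does not help when malware acts from the user's own machine, which is why sensitive actions additionally require a recent second factor.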

GUEST EXPERT

Eduardo Schultze, CSIRT Coordinator at Axur, holds a degree in Information Security from UNISINOS – Universidade do Vale do Rio dos Sinos. He has worked since 2010 on fraud involving the Brazilian market, mainly phishing and malware.

AUTHOR

Content Team

Experts in creating relevant external cybersecurity content to make the internet a safer place.