Threat actors target MFA

Whatever you read here in a few moments – it is my opinion that MFA (Multi-factor authentication) still remains a key tool in protecting your team’s credentials and defending your information.

MFA under attack

There have always been weaknesses in and attacks against, some very simple such as just annoying the user so much they let the attacker in, to sophisticated man-in-the-middle and phone cloning attacks.

What’s Wrong with MFA

Now researchers have discovered a phishing attack that bypasses MFA for Microsoft 365 and Google accounts. Worse is that the attackers do not need much in the way of technical skills as the attack is being offered by a phishing-as-a-service (PhaaS) platform named Tycoon 2FA. This new version of a previous attack kit stealthier than its predecessor, includes a filter so only people are targetted not research/protection bots and includes a step to bypass the account 2FA protection.

Bill Toulas’s article on BleepingComputer has an excellent step-by-step description of the attack:

New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

The Bitcoin account associated with the threat group has had over 530 transactions that are believed to be payments for the PhaaS kit. This attack is out there in the wild.

Your takeaway

The article does not indicate how effective the attack in bypassing the MFA authenticator app but the attack exists. Here are three things to think about when it comes to your cyber security.

  • You should buy the best cyber security tools you can afford.
  • You should take steps to protect and monitor your organisation’s credentials.
  • You need to understand that threat actors work to defeat any and all technical defences and that effective cyber security awareness training of your team is really one of the best cyber security defences you can deploy.

We offer a range of cyber security awareness training – you will find an option here that will fit in with your organisation – Cyber Security Awareness Training at Smart Thinking Solutions

It is probably time for you to see what the modern options are beyond just a firewall, email filtering and anti-virus software. We have a range of tools in our security stack that meet these demands and go beyond that. Our Security Operations Centre (SOC) monitors and defends your credentials and information 24/7 every day of the year.

Register now for our upcoming webinar by industry expert John O’Mahony, where he will be explaining how small organisations can leverage corporate level cyber security.

More information here: Another Chance to Take Your Next Cyber Security Step

And here: So you don’t think cyber security is for you?

Or register here: Leveraging Corporate Level Cyber Security Webinar – Register Here

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading