This post was originally published on 27 June 2022
Update 14 July 2022
Here is an article from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team outlining how the big phishing campaigns backed by experienced and skilled hackers can bypass the security of multi-factor authentication:
Phishing is a high-value cyber attack and this motivates the threat actors – you need to take action:
$8 million stolen in large-scale Uniswap airdrop phishing attack (bleepingcomputer.com)
Multi-factor authentication (MFA) is also referred to as dual-factor authentication (DFA) and two-factor authentication (2FA). All have the same function: to securely provide a one-time password (OTP), only to the authorised user, so they can get access to a service. Examples of services that implement MFA for added security are Microsoft 365, Google, WordPress and Amazon, among many others.
A quick overview of MFA:
Multifactor Authentication | MFA | Microsoft Security
Original Post:
Here is a story on how the threat actors can bypass your MFA security:
Clever phishing method bypasses MFA using Microsoft WebView2 apps (bleepingcomputer.com)
Of course, it uses phishing emails and social engineering to steal your authentication cookies.
Please Note:
I am on leave so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.