Security News > 2022 > February > Hackers have begun adapting to wider use of multi-factor authentication
Hackers have begun adapting to wider use of multi-factor authentication.
Security researchers at Proofpoint are warning of a new threat that's only likely to become more serious as time goes on: Hackers who publish phishing kits are beginning to add multi-factor authentication bypassing capabilities to their software.
Enterprising hackers are motivated by a challenge like the one posed by MFA, and Proofpoint seems to have evidence that they've succeeded.
Traditionally, Proofpoint said in its report, phishing kits available for sale online range from "Simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, social security numbers and credit card numbers." The way they typically do that is to recreate a target website, like a login page, in the hopes of tricking unaware users.
With MFA in the mix, fake pages are rendered useless: While an attacker may have a username and password, the second factor remains out of reach.
Also See Share: Hackers have begun adapting to wider use of multi-factor authentication.