Cybercriminals use automated bot to bypass 2FA authentication at wide scale

2022-06-08 13:39

Single factor authentication has been the standard for many years on Internet-facing services, but it clearly lacks security.

While 2FA drastically increases the security of Internet services, it can still be bypassed by some methods.

One such method is to compromise the phone of the victim in order to steal the 2FA information and use it to successfully login to a 2FA-enabled service.

At the same time, the attacker selects the relevant mode for the targeted system, and enters the victim's mobile number and bank or service name into the bot.

The bot then starts a call impersonating the bank or service using IVR and asks for the one-time password.

"SMSranger bot featured modes specifically targeting retail banking, PayPal, Apple Pay, email users, mobile carrier consumers and customer services," Cyble said.

News URL

https://www.techrepublic.com/article/cybercriminals-automated-bot-bypass-2fa/

#2FA #authentication #BOT #bypass #cybercriminal