3 main tactics attackers use to bypass MFA

2023-12-26 05:00

SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in response to increased attacker activity to exploit failure points.

As is often the case when compromising systems, attackers have not reinvented the wheel to circumvent MFA, or 2FA, as it is also known.

"MFA is still one of the best security measures people can use since the password was invented, but as organisations shore up their defences deploying it, so attackers are switching tactics and working hard to find ways around it," says Simon Edwards, CEO of SE Labs.

How attackers bypass MFA. The 'Approve Sign-in' method of MFA is very popular with users because it is a simple click.

Using SMS for 2FA is particularly vulnerable to attack, and while companies should actively take steps to start using other types of authentication, SE Labs believe it is still better than not using MFA at all.

Otherwise known as session hijacking or cookie hijacking, the attacker doesn't need to engage in the MFA process at all.

News URL

https://www.helpnetsecurity.com/2023/12/26/tactics-bypass-mfa/

#bypass #MFA