Security News
The US Cybersecurity and Infrastructure Security Agency and FBI issued a joint alert on March 15 warning organizations that state-backed criminals could use the MFA defaults and flaw to access networks. In this case, the unnamed cybercriminal gang took advantage of a misconfigured account to set default MFA protocols at the NGO. The bad actors enrolled a new device for MFA and accessed the NGO's network and then exploited the PrintNightmare flaw - tracked as CVE-2021-34527 - to run malicious code and gain system privileges, giving them access to email accounts and enabling them to move laterally to the organization's cloud environment and to steal documents.
"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default protocols at a non-governmental organization, allowing them to enroll a new device for MFA and access the victim network," the agencies said. The attack was pulled off by gaining initial access to the victim organization via compromised credentials - obtained by means of a brute-force password guessing attack - and enrolling a new device in the organization's Duo MFA. It's also noteworthy that the breached account was un-enrolled from Duo due to a long period of inactivity, but had not yet been disabled in the NGO's Active Directory, thereby allowing the attackers to escalate their privileges using the PrintNightmare flaw and disable the MFA service altogether.
The FBI says Russian state-backed hackers gained access to a non-governmental organization cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication protocols. To breach the network, they used credentials compromised in a brute-force password guessing attack to access an un-enrolled and inactive account, not yet disabled in the organization's Active Directory.
The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes. The malware author is renting the beta version of the malware for $3,000 per month to a maximum of five customers, with threat actors having the ability to test the bot for free for three days.
The global multi-factor authentication market reached a value of $12.9 billion in 2021, and is expected to reach $34.7 billion by 2027, exhibiting a CAGR of 17.8% during 2022-2027, according to ResearchAndMarkets. These insights are included in the report as a major market contributor.
One of the biggest obstacles to successful phishing attacks is bypassing multi-factor authentication configured on the targeted victim's email accounts. D0x set up a phishing attack using the Evilginx2 attack framework that acts as a reverse proxy to steal credentials and MFA codes.
Traditional MFA methods falling short for most organizations. Multi-factor authentication spending and overall adoption is on the rise, following regulatory pressures from global initiatives, specifically the zero trust IT security model - but reluctance remains prominent.
5 steps to improved MFA adoption is an unbiased, comprehensive analysis of the present and future of multi-factor authentication, and challenges to widespread adoption. ID, the mobile authentication platform, the guide is written and produced by independent cybersecurity experts The Cyber Hut.
The recent growth in popularity of phishing kits that bypass MFA protection show that attackers have taken note of it and are adapting. Microsoft's inaugural Cyber Signals report shows, on the other hand, that only 22 percent of customers using Microsoft Azure Active Directory have implemented MFA protection.
Keyavi Data issued a set of best practices for keeping personal and business data out of criminal hands using multi-factor authentication. These best practices explain why MFA remains one of the best defenses for mitigating password risk and preventing cyber criminals from exploiting user credentials.