Security News

The global multi-factor authentication market reached a value of $12.9 billion in 2021, and is expected to reach $34.7 billion by 2027, exhibiting a CAGR of 17.8% during 2022-2027, according to ResearchAndMarkets. These insights are included in the report as a major market contributor.

One of the biggest obstacles to successful phishing attacks is bypassing multi-factor authentication configured on the targeted victim's email accounts. D0x set up a phishing attack using the Evilginx2 attack framework that acts as a reverse proxy to steal credentials and MFA codes.

Traditional MFA methods falling short for most organizations. Multi-factor authentication spending and overall adoption is on the rise, following regulatory pressures from global initiatives, specifically the zero trust IT security model - but reluctance remains prominent.

5 steps to improved MFA adoption is an unbiased, comprehensive analysis of the present and future of multi-factor authentication, and challenges to widespread adoption. ID, the mobile authentication platform, the guide is written and produced by independent cybersecurity experts The Cyber Hut.

The recent growth in popularity of phishing kits that bypass MFA protection show that attackers have taken note of it and are adapting. Microsoft's inaugural Cyber Signals report shows, on the other hand, that only 22 percent of customers using Microsoft Azure Active Directory have implemented MFA protection.

Keyavi Data issued a set of best practices for keeping personal and business data out of criminal hands using multi-factor authentication. These best practices explain why MFA remains one of the best defenses for mitigating password risk and preventing cyber criminals from exploiting user credentials.

February 2022 Patch Tuesday forecast: A rough start for 2022January 2022 Patch Tuesday was a rough one for Microsoft - and us. Samba bug may allow code execution as root on Linux machines, NAS devicesA critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations.

The increased use of multi-factor authentication has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. Proofpoint researchers have flagged three such phishing kits: Modlishka, Muraena/Necrobrowser, and Evilginx2.

More and more phishing kits are focusing on bypassing multi-factor authentication methods, researchers have warned - typically by stealing authentication tokens via a man-in-the-middle attack. According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, "Ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers."

The rising adoption of multi-factor authentication for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools. The increasing use of MFA has pushed phishing actors to use transparent reverse proxy solutions, and to cover this rising demand, reverse proxy phish kits are being made available.