Multi-Factor Authentication (MFA) is commonly used to protect your information online. However, MFA is not impenetrable from Social Engineering
If a password is compromised, hackers can deploy several tactics to get around any MFA protection.
The information in this blog has been sourced using The Hackers News. You can read the full story here
Adversary-in-the-middle (AITM) attacks from Social Engineering
An AITM attack involves “deceiving users into believing they’re logging into a genuine network, application, or website.”
Through this hack, people can unwittingly give information to Cybercriminals.
An example of this is a spear-phishing email that arrives in an employee’s inbox.
MFA prompt bombing
This attack involves push notifications in modern authentication apps. After hackers access a password, attackers try to use the password to trigger the MFA prompt for the compromised account.
If the user inputs their details into the MFA prompt, the hackers will gain full access to the account.
Service desk attacks from Social Engineering
Hackers access helpdesks by “feigning password forgetfulness and gaining access through phone calls.”
If the proper verification checks aren’t in place, hackers may be granted access to an organisational environment.
Another way is to “exploit recovery settings and backup procedures by manipulating service desks to circumvent MFA.”
An example of this is when hackers contact a service desk claiming their phone is not functioning or is lost, then request a new account which is controlled by an attacker-controlled MFA authentication device. This will allow the hackers to gain control.
SIM swapping
This technique involves Cybercriminals deceiving “service providers into transferring a target’s services to a SIM card under their control.”
The hackers can then effectively take over the target’s mobile phone service and phone number, letting them intercept MFA prompts and gain full access to accounts.
As cyber threats grow in sophistication, traditional methods of protection—such as static firewalls or signature-based antivirus tools—struggle to keep up. Enter machine learning (ML),
In recent years, artificial intelligence (AI) has rapidly advanced, and its influence is becoming more pronounced in the field of cybersecurity. While AI offers
In today’s increasingly digital world, cybersecurity threats are a constant concern for businesses of all sizes. With cyberattacks becoming more sophisticated and frequent, the
In the ever-evolving world of technology, businesses must stay ahead to remain competitive. With 2024 bringing unprecedented advancements in IT and growing demands
In November 2024, cybersecurity experts uncovered a sophisticated attack method known as “SEO poisoning,” where cybercriminals manipulate search engine results to distribute malware. A
In today’s increasingly connected world, the security of your wireless network is more crucial than ever. As a reseller of WatchGuard products, 4th Platform
Since 2020, working from home (WFH) has become commonplace. In the wake of the COVID-19 pandemic, almost every company had to switch their traditionally
In the digital age, establishing a strong online presence is more critical than ever. One of the key components in achieving this is a
In today’s digital age, the healthcare sector faces increasing threats from cyber attacks. The UK healthcare system, known for its comprehensive and inclusive nature,
According to councillors, Cheshire East Council should prepare for cyber-attacks by playing out scenarios. Why has Cheshire East Council acted this way? This is
