Multi-Factor Authentication (MFA) is commonly used to protect your information online. However, MFA is not immune to Social Engineering.
If a password is compromised, hackers can deploy several tactics to get around any MFA protection.
The information in this blog has been sourced from The Hacker News. You can read the full story here.
Adversary-in-the-middle (AITM) attacks from Social Engineering
An AITM attack involves “deceiving users into believing they’re logging into a genuine network, application, or website.”
Through this hack, people can unwittingly give information to Cybercriminals.
An example of this is a spear-phishing email that arrives in an employee’s inbox.
MFA prompt bombing
This attack abuses push notifications in modern authentication apps. After obtaining a password, attackers try to log in with it to trigger the MFA prompt for the compromised account.
If the user inputs their details into the MFA prompt, the hackers will gain full access to the account.
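For defenders, prompt bombing leaves a recognisable trail in authentication logs: a run of denied or unanswered push prompts for one user, sometimes ending in an approval. The sketch below is an added example, not part of the original article; the event format, field values, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events (timestamp, user, result); not real logs.
SAMPLE_EVENTS = [
    ("2024-07-01T02:10:00", "bob", "denied"),
    ("2024-07-01T02:10:40", "bob", "timeout"),
    ("2024-07-01T02:11:15", "bob", "denied"),
    ("2024-07-01T02:12:00", "bob", "timeout"),
    ("2024-07-01T02:12:50", "bob", "denied"),
    ("2024-07-01T02:13:20", "bob", "timeout"),
    ("2024-07-01T02:14:05", "bob", "approved"),
    ("2024-07-01T09:00:00", "alice", "approved"),
    ("2024-07-01T09:30:00", "carol", "denied"),
    ("2024-07-01T11:45:00", "carol", "denied"),
    ("2024-07-01T11:46:00", "carol", "approved"),
]

def detect_prompt_bombing(events, window=timedelta(minutes=10), threshold=5):
    """Alert on users with `threshold`+ unapproved push prompts inside `window`,
    and record whether an approval followed the burst (possible takeover)."""
    recent = defaultdict(deque)  # user -> times of recent unapproved prompts
    alerts = {}
    for ts, user, result in sorted(events):
        t = datetime.fromisoformat(ts)
        q = recent[user]
        while q and t - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(t)
            if len(q) >= threshold:
                a = alerts.setdefault(user, {"burst_start": q[0], "prompts": 0,
                                             "approved_after_burst": False})
                a["prompts"] = max(a["prompts"], len(q))
                a["last_prompt"] = t
        elif result == "approved":
            a = alerts.get(user)
            # An approval shortly after a burst is the case to escalate.
            if a and t - a["last_prompt"] <= window:
                a["approved_after_burst"] = True
            q.clear()
    return alerts

if __name__ == "__main__":
    for user, a in detect_prompt_bombing(SAMPLE_EVENTS).items():
        print(user, a["prompts"], "prompts; approved after burst:",
              a["approved_after_burst"])
```

An alert with an approval after the burst is the one to act on first, for example by revoking the session and resetting the password.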
Service desk attacks from Social Engineering
Hackers access helpdesks by “feigning password forgetfulness and gaining access through phone calls.”
If the proper verification checks aren’t in place, hackers may be granted access to an organisational environment.
Another way is to “exploit recovery settings and backup procedures by manipulating service desks to circumvent MFA.”
An example of this is when hackers contact a service desk claiming their phone is lost or not functioning, then request a new account that is tied to an attacker-controlled MFA authentication device. This allows the hackers to gain control.
SIM swapping
This technique involves Cybercriminals deceiving “service providers into transferring a target’s services to a SIM card under their control.”
The hackers can then effectively take over the target’s mobile phone service and phone number, letting them intercept MFA prompts and gain full access to accounts.