Multi-Factor Authentication (MFA) is commonly used to protect your information online. However, MFA is not impenetrable from Social Engineering
If a password is compromised, hackers can deploy several tactics to get around any MFA protection.
The information in this blog has been sourced using The Hackers News. You can read the full story here
Adversary-in-the-middle (AITM) attacks from Social Engineering
An AITM attack involves “deceiving users into believing they’re logging into a genuine network, application, or website.”
Through this hack, people can unwittingly give information to Cybercriminals.
An example of this is a spear-phishing email that arrives in an employee’s inbox.
MFA prompt bombing
This attack involves push notifications in modern authentication apps. After hackers access a password, attackers try to use the password to trigger the MFA prompt for the compromised account.
If the user inputs their details into the MFA prompt, the hackers will gain full access to the account.
Service desk attacks from Social Engineering
Hackers access helpdesks by “feigning password forgetfulness and gaining access through phone calls.”
If the proper verification checks aren’t in place, hackers may be granted access to an organisational environment.
Another way is to “exploit recovery settings and backup procedures by manipulating service desks to circumvent MFA.”
An example of this is when hackers contact a service desk claiming their phone is not functioning or is lost, then request a new account which is controlled by an attacker-controlled MFA authentication device. This will allow the hackers to gain control.
SIM swapping
This technique involves Cybercriminals deceiving “service providers into transferring a target’s services to a SIM card under their control.”
The hackers can then effectively take over the target’s mobile phone service and phone number, letting them intercept MFA prompts and gain full access to accounts.
Artificial Intelligence (AI) is transforming industries by improving efficiency and decision-making. However, cybercriminals are also harnessing AI to create more sophisticated and targeted cyber
For many growing businesses, having access to board-level IT leadership can make the difference between simply maintaining systems and using technology as a driver
In sectors where client trust is everything legal, accountancy, financial services the cost of a cyber breach goes far beyond lost data. It strikes
In today’s rapidly evolving business landscape, relying solely on reactive IT support can hinder your organisation’s growth and resilience. Without a strategic IT roadmap,
How 4th Platform (Powered by Gamma) keeps your business ahead with Cloud Communications. The UK’s analogue phone network is being switched off in 2027, and
Why getting your cloud setup right the first time matters more than you think. Cloud services have revolutionised how modern businesses operate offering flexibility,
Despite increased awareness of cyber threats across the legal sector, law firms continue to be prime targets for cybercriminals. These attacks are no longer
In today’s fast-paced business environment, technology is the backbone of productivity. When IT systems run smoothly, employees can focus on their tasks without unnecessary
When we think about cybersecurity threats, external hackers and cybercriminals often come to mind. However, some of the most significant risks come from within
In an era where financial fraud is on the rise, UK businesses are increasingly finding themselves targeted by cybercriminals deploying sophisticated scams. The financial
