Two-factor or multi-factor authentication is used to secure organizations and accounts from attackers, making it a problem for malicious actors. Recent attacks show how they are attempting to bypass or avoid it completely.
In recent years two-factor or multi-factor authentication (MFA) has been touted as the way to protect your personal and business accounts from attack. This led to the wide adoption of MFA - from corporate accounts to social media profiles, almost all provide the option of enabling MFA, with many requiring it.
This means that, for attackers, stealing credentials or brute forcing passwords is no longer enough - if they don’t have access to victims’ multi-
factor access token or code they will still not be able to access their accounts. The increasing use of MFA means that attackers have had to endeavor to find ways to bypass it, or avoid carrying out attacks that may be stalled by it. When we look at recent high-profile attacks, such as SolarWinds, the Microsoft Exchange Server ProxyLogon attacks, and the vulnerabilities found in Pulse Secure VPN recently, all these attacks help attackers avoid the hurdle of needing to overcome MFA.
While MFA has perhaps only gained wide adoption in the last couple of years, attacks attempting to bypass MFA date as far back as 2011, when RSA Security was forced to replace 40 million SecurID tokens - which were used for MFA at the time - after the company was hacked.
However, recently, there have been some more notable examples of attacks that attempt to either bypass MFA, or eradicate the need to bypass it at all, with five of these outlined in this blog.
Read the entire article here.