Read Time:1 Minute, 36 Second

MFA codes, such as one-time passwords, are the new hot item for cybercriminals looking to break into networks.

According to Auth0’s latest report, cybercrime groups have stepped up their attacks on multifactor authentication (MFA) systems in recent months.

Auth0’s report found that cybercriminals are using two methods to bypass MFA and gain access to accounts: brute-forcing the two-factor process and using social engineering to trick a targeted user.

Once they’ve bypassed MFA, attackers can gain access to sensitive data or wreak havoc on systems and networks. The stakes are high for organisations that have not correctly implemented MFA.

“Consequently, the first half of 2022 has seen a higher baseline of attacks against MFA than any previous year in our dataset. As attackers become more sophisticated at targeting this important defensive measure, MFA must be implemented correctly, and that strong secondary factors are chosen,” the Auth0 team explained.

Auth0’s report highlights the importance of using robust MFA methods to protect accounts by requiring users to provide a username and password and a second-factor authentication code from a physical token or a fingerprint. 

It also underscores the need for organisations to educate their users about the dangers of phishing attacks and other methods that cybercriminals use to obtain MFA codes.

Furthermore, Okta, a leading provider of identity and access management solutions, has been tracking these attacks and has found that they are becoming more sophisticated and targeted. 

Hence, organisations should be aware of these bypass methods and take steps to protect their users, such as implementing strong security policies and procedures, providing user training on the spot and avoiding social engineering attacks, and using MFA methods that are more difficult to circumvent.

Auth0 recommends that businesses and individuals use a robust MFA solution that includes two-factor authentication and biometrics. This will help to ensure that only authorised users can access their private data and systems.

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
Australian Cyber Security Centre Previous post Australian Organisations Under Threat From Iranian State-Sponsored APT Actors
Surveillance Camera Next post Cybercriminals Are Selling Access To Chinese Surveillance Cameras