This blog was published at www.keepnetlabs.com.
A Phishing Attack Bypasses Two-Factor Authentication
In the early years of technology, passwords were used to protect information and appeared to be the best solution for managing access to systems or data. However, in today's digitalised world, organisations can't perpetually monitor their users to make sure they are following best practices. Many people use weak passwords, or reuse the same or similar passwords across their different accounts, and become victims of phishing scams.
Multi-factor authentication (MFA) is a method of access control in which a user is allowed access only after successfully presenting at least two separate pieces of evidence to an authentication mechanism, typically from the categories of (a) knowledge (something they know), (b) possession (something they have), and (c) inherence (something they are). [1]
Nevertheless, shielding an account with MFA doesn't mean everything is secure. Some security experts have demonstrated an automated phishing attack that can cut through two-factor authentication (2FA) by tricking users into giving up their private credentials.
As stated in a post by Fortune [2]: “The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. A video of the presentation was posted on YouTube on June 2, bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA.”
Two tools are employed for the hack, Muraena and NecroBrowser, which work together to automate the attack. Muraena intercepts traffic between the user and the target website, acting as a proxy between the victim and the real website. Once Muraena has the victim on a fake website that looks like a real login page, the user is asked to enter their login credentials as well as the 2FA code. Once Muraena validates the session's cookie, the cookie is passed along to NecroBrowser, which can create windows to keep track of the private accounts of tens of thousands of victims. [3]
Even so, 2FA is still considered better security practice than simply relying on a username and strong password. But people should be more careful about identifying a phishing scam.
Note: A demonstration of the attack was also released on GitHub, an open source coding site, to provide developers with an opportunity to see how it works.
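One way a defender could spot the replay step described above, where a session cookie captured after 2FA is handed to a second, automated browser: bind each session to the client context seen when 2FA succeeded and flag later use from a different context. This is an added example, not code from the original post or from the tools it mentions; the event format, field names and sample events are assumptions constructed for illustration.

```python
import json

# Constructed sample events (not real logs); the JSON field names are assumed.
SAMPLE_EVENTS = """\
{"ts": 1000, "event": "mfa_ok", "session": "s-alice", "ip": "198.51.100.7", "ua": "Firefox/115"}
{"ts": 1030, "event": "request", "session": "s-alice", "ip": "198.51.100.7", "ua": "Firefox/115"}
{"ts": 2000, "event": "mfa_ok", "session": "s-bob", "ip": "203.0.113.20", "ua": "Chrome/120"}
{"ts": 2015, "event": "request", "session": "s-bob", "ip": "203.0.113.20", "ua": "Chrome/120"}
{"ts": 2040, "event": "request", "session": "s-bob", "ip": "192.0.2.99", "ua": "HeadlessChrome/120"}
{"ts": 2050, "event": "request", "session": "s-carol", "ip": "192.0.2.50", "ua": "Safari/17"}
"""


def find_session_replays(lines):
    """Return alerts for session cookies used from a client context other than
    the one that completed 2FA, or for which no 2FA completion was recorded."""
    bound = {}   # session id -> (ip, ua) observed when 2FA succeeded
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        sid, ctx = ev["session"], (ev["ip"], ev["ua"])
        if ev["event"] == "mfa_ok":
            bound[sid] = ctx  # bind the session to its login context
        elif sid not in bound:
            # Cookie presented without a recorded 2FA step in this log window.
            alerts.append({"session": sid, "ts": ev["ts"], "reason": "no_mfa_record"})
        elif ctx != bound[sid]:
            changed = [name for name, old, new
                       in zip(("ip", "ua"), bound[sid], ctx) if old != new]
            alerts.append({"session": sid, "ts": ev["ts"],
                           "reason": "context_changed", "changed": changed})
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

A context change is a signal to require re-authentication rather than proof of compromise, since mobile clients change IP address legitimately, and a replaying browser that shares the proxy's address would only show up through the user-agent or other signals.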
Phishing attacks are the hardest to stop
Phishing is the leading delivery method for other types of malicious software. A phishing scam isn't just aimed at gaining information; phishing attacks can also be used to distribute malicious programs, such as ransomware. Email attachments are still the main method of delivery for malicious programs. Also, 97% of users cannot identify a sophisticated phishing email and, according to the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing. [4]
Furthermore, according to the 2019 Cyber Security Breaches Survey published by the UK government [5], phishing is the most prevalent attack vector.
Figure 1. (Source: Cyber Security Breaches Survey 2019)
Read this article to see how to protect your business against phishing attacks.
[1] https://www.lanspeed.com/blog/why-multi-factor-authentication-is-so-important
[2] http://fortune.com/2019/06/04/phishing-scam-hack-two-factor-authentication-2fa/
[3] http://fortune.com/2019/06/04/phishing-scam-hack-two-factor-authentication-2fa/
[4] https://www.keepnetlabs.com/phishing-statistics-you-need-to-know-to-protect-your-organization/
[5] https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/791940/Cyber_Security_Breaches_Survey_2019_-_Main_Report.PDF