Source |
ProofPoint |
Identifier |
8631659 |
Publication date |
2024-12-30 13:22:42 (viewed: 2024-12-30 14:08:08) |
Title |
Why MFA is Good, but Not Good Enough: The Need for Defense-in-Depth to Combat MFA Bypass |
Text |
Over the past decade, multifactor authentication (MFA) has risen to become a cornerstone of modern cybersecurity. However, as user authentication has grown more sophisticated during that time, so have cybercriminal tactics. Just look at the rise of MFA bypass techniques.
Despite the ability of attackers to get past MFA, beliefs about its near perfection persist. Recent Proofpoint research shows that almost half of all accounts that were taken over by bad actors had MFA configured. Yet 89% of security professionals consider MFA a complete protection against account takeover. Clearly, there's a disconnect.
That's why a robust defense-in-depth approach is needed now more than ever. Layered security can help mitigate MFA bypass and reduce the likelihood of a significant breach that stems from an account takeover. In this blog post, we'll explore why MFA is not enough and give you some tips to better protect your organization.
MFA bypass techniques
MFA is effective because it requires users to authenticate with multiple factors. It combines something they know (typically their password) with something they have (an authenticator app or token) or with something they are (like a face scan). While this sounds very secure, threat actors have found multiple ways to bypass MFA. Many of these tactics are highly sophisticated:
Phishing attacks. In these attacks, users are tricked by cybercriminals into entering MFA codes or their login credentials into websites that are controlled by the attackers.
MFA fatigue attacks. After threat actors steal a user's password, they initiate a barrage of MFA push notifications. This can confuse users, leading them to approve the access request just to make the notifications stop.
Session hijacking. With this technique, attackers steal session cookies post-authentication. This makes the preceding MFA-based authentication moot.
SIM-swapping. This technique compromises SMS-based MFA by transferring the target's phone number to the attacker. To accomplish this, the threat actor needs to socially engineer the mobile carrier or have an insider at the organization.
Pure social engineering. Most organizations have a way for remote workers to reset their passwords and MFA configurations without having to show up in person. However, without proper online identity verification, the IT helpdesk can be socially engineered into handing a spoofed employee's credentials to the threat actor.
Adversary-in-the-middle attacks. Attacker tools, like the specialized phishing kit Evilginx, intercept session tokens. Those tokens are then relayed to legitimate services, which grant attackers access.
Check out this demo of an adversary-in-the-middle attack enabled by Evilginx, which Proofpoint Account Takeover Protection can detect and stop.
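One way a defender can surface the MFA fatigue pattern described above in authentication logs, as an added example that is not part of the Proofpoint post: it flags users who receive a burst of push challenges in a short window and escalates when the burst ends in an approval. The log format, field names and thresholds are assumptions chosen for this demo.

```python
"""Detect MFA push-fatigue bursts in authentication logs (added example).

Flags users who receive many push challenges within a short window and
escalates when such a burst is followed by an approval, which is the
outcome the fatigue attack is designed to produce. The log format,
field names and thresholds below are assumptions for this demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, event, result
SAMPLE_LOG = """\
2024-12-30T08:01:05Z alice push_sent -
2024-12-30T08:01:40Z alice push_result denied
2024-12-30T08:02:10Z alice push_sent -
2024-12-30T08:02:35Z alice push_sent -
2024-12-30T08:03:02Z alice push_sent -
2024-12-30T08:03:30Z alice push_sent -
2024-12-30T08:03:55Z alice push_result approved
2024-12-30T09:15:00Z bob push_sent -
2024-12-30T09:15:20Z bob push_result approved
"""

PUSH_THRESHOLD = 4            # prompts within the window that count as a burst
WINDOW = timedelta(minutes=5)  # sliding window length (assumed value)

def parse_log(text):
    """Yield (timestamp, user, event, result) tuples from the log text."""
    for line in text.splitlines():
        ts, user, event, result = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, result

def detect_push_fatigue(text, threshold=PUSH_THRESHOLD, window=WINDOW):
    """Return {user: {"prompts": n, "approved_after_burst": bool}} for bursts."""
    sent = defaultdict(list)   # per-user timestamps of prompts still in the window
    findings = {}
    for ts, user, event, result in parse_log(text):
        if event == "push_sent":
            sent[user].append(ts)
            # Drop prompts that have aged out of the sliding window.
            sent[user] = [t for t in sent[user] if ts - t <= window]
            if len(sent[user]) >= threshold:
                f = findings.setdefault(user, {"prompts": 0, "approved_after_burst": False})
                f["prompts"] = max(f["prompts"], len(sent[user]))
        elif event == "push_result" and result == "approved" and user in findings:
            # An approval after a burst is the signal worth paging on.
            findings[user]["approved_after_burst"] = True
    return findings

if __name__ == "__main__":
    print(detect_push_fatigue(SAMPLE_LOG))
```

A burst that ends in an approval is the case to treat as a likely compromise and revoke the session; a burst without one still indicates the password is already in the attacker's hands.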
Why MFA alone is not enough
No doubt, MFA adds a valuable layer of user authentication security, and this makes it harder for threat actors to break in. But the bypass techniques described above show why it's so risky to rely on any single security defense mechanism. The increasing prevalence of successful MFA bypass attacks shows that determined attackers can adapt to overcome broadly deployed protections.
While it might seem obvious, it's still important to always keep in mind that MFA should only be part of a larger security program. It's not a definitive defense. The whole point of defense-in-depth is that implementing additional layers of security reduces the likelihood of a successful attack, even if one layer is breached.
Implementing a defense-in-depth strategy
A defense-in-depth approach involves multiple, overlapping security measures. This creates redundancies and reduces an attacker's ability to exploit any vulnerabilities. Here's how organizations can bolster their defenses against MFA bypass:
Strengthen endpoint protection. Deploy endpoint detection and response (EDR) tools to identify and mitig |
Notes |
★★
|
Sent |
Yes |
Tags |
Tool
Vulnerability
Threat
Mobile
Cloud
|