Recent well-publicized cyber-attacks have shown the efficacy of an intriguing technique for bypassing multi-factor authentication (MFA). MFA adds an additional level of protection for user accounts.
MFA should stop threat actors from accessing an account if they are able to get the username and password for the account through phishing or other means. There are different kinds of MFA, and attackers can evade this security measure in a number of ways. They can use malware that collects MFA codes, exploit MFA bypass vulnerabilities, social engineering to coerce the target into providing the one-time password.
The hackers can also set up phishing pages that harvest both the username and password as well as the MFA code, or SIM swap the victim’s phone number to receive the codes intended for the target.
Read More: High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
