"Cyberattackers Double Down on Bypassing MFA"

As companies increasingly require more robust security for their employees and customers, attackers are getting better at bypassing multi-factor authentication (MFA), resulting in steady compromises. While there are multiple ways to circumvent the security of two-factor authentication (2FA) that uses one-time passwords (OTPs) sent via short message service (SMS) texts, systems protected by push notifications or hardware tokens are regarded as being significantly more difficult to compromise. However, attackers have found three methods to bypass the increased security: MFA flooding, proxy attacks, and session hijacking, which target the user, the network, and the browser, respectively. Typically, the first target of an attacker is the person behind the keyboard. According to Verizon's 2022 Data Breach Investigations Report (DBIR), more than 80 percent of web application breaches are linked to the use of stolen passwords. This article continues to discuss the techniques cybercriminals are using to steal credentials and gain access to high-value accounts despite companies increasingly adopting MFA. 

Dark Reading reports "Cyberattackers Double Down on Bypassing MFA"