"Concerns Grow about MFA Bypass Attacks"

Multi-factor authentication (MFA) combines authentication factors such as passwords, fingerprints, and smartphones to secure systems and data. Security experts encourage consumers and organizations to adopt MFA because it is more difficult for hackers to gain unauthorized access to systems when multiple authentication factors are required. However, cybercriminals are increasingly evading MFA with specially designed attacks.

In February, Reddit discovered that its employees had been phished via email and tricked into providing the cybercriminals with their MFA credentials. According to James Quick, director of solutions and advisory for the Identity and Access Management (IAM) company Simeio, the attackers used convincing prompts directing employees to a website mimicking Reddit's intranet gateway. When employees entered their credentials and second-factor tokens, the criminals were able to gain access to the organization.

MFA bypass attacks are increasing. Sapphire Cybersecurity reported that there were 40,942 MFA fatigue attacks in August 2022. Hackers have used MFA bypass techniques such as man-in-the-middle (MitM) attacks, MFA bypass phishing kits, stolen browser session cookies, MFA fatigue, and malicious OAuth applications. This article continues to discuss growing concerns regarding MFA bypass attacks.

CACM reports "Concerns Grow about MFA Bypass Attacks"
