Your eight-character password can be cracked in about eight hours using brute-force attacks — even if you add in numbers, mix up the cases and throw in a special character or three. Odds are high that the eight-hour window will soon be even shorter. To combat this, many companies added multifactor authentication (MFA) to their process to keep their data, applications and systems safe. According to a Microsoft study, MFA was the most adopted security tool since the beginning of the pandemic. But does this really work at a corporate scale?
Multifactor Authentication Under Attack
Not surprisingly, threat actors now target those security measures. There’s also good news, though: a recovery phone number, a common MFA measure, stopped 100% of automated bot attacks and 99% of bulk phishing attacks. However, the multifactor authentication method prevented only 70% of targeted attacks.
Because you can’t prevent issues you are unaware of, you need to stay informed about how threat actors are currently launching MFA attacks. The FBI pinpointed four types of attacks designed to get around MFA tech and processes:
SIM swapping – Multifactor authentication means that threat actors need physical access to a device in most cases. So, attackers turned to SIM swapping. They switch the employee’s physical SIM card to a phone they have physical access to, or they create a fake SIM card. This allows them to access the PIN code or other personal key sent to the employee.
Technical looph ..