Multi Factor Authentication or MFA is the new hotness in terms of keeping yourself secure. But not so fast. In a new report published today from Proofpoint, researchers are warning that phishing actors are coming up with new ways to bypass multi-factor authentication (MFA). The increased use of MFA, given the pandemic and the migration of WFH, has pushed threat actors to use transparent reverse proxy solutions, and to cover the rising demand, reverse proxy phish kits are being made available for purchase.
Key takeaways from the report include:
- As multi-factor authentication becomes a standard security practice, phish kits are evolving with the times to steal these tokens and bypass this trusted layer of security.
- Threat actors are using phish kits that leverage transparent reverse proxy, which enables them to man-in-the-middle (MitM) a browser session and steal credentials and session cookies in real-time.
- It is likely that more threat actors will turn to these MitM phish kits, making security increasingly difficult for defenders.
Aimei Wei, Founder and CTO, Stellar Cyber has this to say:
“Hackers are evolving quickly in response to the security defense measures such as MFA. While security industry prepares to deal with this blind spot, people should always be vigilant on the email or website before clicking a link or login to a website.”
If this concerns you, and it should, then one of the mitigation strategies that you might want to consider is passwordless authentication. A number of companies are bringing this technology to market, or have already brought this technology to market. Thus it might be an option for your enterprise.
Like this:
Like Loading...
Related
This entry was posted on February 3, 2022 at 2:46 pm and is filed under Commentary with tags Proofpoint. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The IT Nerd 
Heightened MFA Use Pushes Hackers To Devise New Phishing Tactics To Beat MFA
Multi Factor Authentication or MFA is the new hotness in terms of keeping yourself secure. But not so fast. In a new report published today from Proofpoint, researchers are warning that phishing actors are coming up with new ways to bypass multi-factor authentication (MFA). The increased use of MFA, given the pandemic and the migration of WFH, has pushed threat actors to use transparent reverse proxy solutions, and to cover the rising demand, reverse proxy phish kits are being made available for purchase.
Key takeaways from the report include:
Aimei Wei, Founder and CTO, Stellar Cyber has this to say:
“Hackers are evolving quickly in response to the security defense measures such as MFA. While security industry prepares to deal with this blind spot, people should always be vigilant on the email or website before clicking a link or login to a website.”
If this concerns you, and it should, then one of the mitigation strategies that you might want to consider is passwordless authentication. A number of companies are bringing this technology to market, or have already brought this technology to market. Thus it might be an option for your enterprise.
Share this:
Like this:
Related
This entry was posted on February 3, 2022 at 2:46 pm and is filed under Commentary with tags Proofpoint. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.