Multi-factor authentication (MFA) has become widely used to protect information, but it isn't as secure as you might think. MFA is when the user has to provide two or more verification factors, such as a phone number or email. The most common form of MFA is 2-factor authentication (2FA). With 2FA, a user logging into a site that needs a username and password also needs a verification code, which is sent to the phone number or email they provided. The only way to enter the site is by entering the verification code. While this seems like a secure way to protect information, hackers have found ways to bypass MFA.
Slashnext, a cyber security detection company, says, “The first technique bad actors employ is a man in the middle (MitM) or reverse web proxy attack.” In this technique, an attacker sends a link via SMS or email that takes the victim to a phishing website, one that usually looks identical to the legitimate site. For the average tech user it is nearly impossible to tell that it's fake. The user enters their credentials and types in the code they just received, thinking that they are on the legitimate website. The hacker, now holding the credentials and the authentication code, can use the real website and compromise the account.
Another way hackers can get through MFA is by creating fake browser extensions. Google Chrome, for example, has browser extensions for things such as tab management and dictionaries. These plugins, disguised as browser extensions, can be sent via SMS, email or perhaps an online ad. Hackers generally use social engineering techniques to get people to install these fake extensions. Once installed, these plugins can steal all the data within the browser, such as login information or bank information.
In the case of the recent attack on MGM, a hotel and casino company, an easy 10-minute phone call was all it took to compromise their network. The hackers went on LinkedIn, found an employee, then called the help desk. According to The Stack, the hackers' exact approach was not detailed. However, a go-to for these social engineering hackers is simply pretending to be IT support, saying that malware has been detected and that remote access is needed, and getting the user to download a fake tool. Another way is pretending to be the employee who forgot his login information, as his name and everything else was found on LinkedIn. The help desk can then reset the password, allowing the hacker to compromise that account and bypass MFA.
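One way a defender might watch for the help-desk reset path described above, as an added example that is not part of the original article: it flags a login from a previously unseen IP address, or an MFA device change, shortly after a help-desk password reset. The log format, event names and 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed review window after a reset

# Constructed events (not from a real system): timestamp, user, action, source IP
SAMPLE_LOG = """\
2023-09-09T08:00:00 carol login_ok 198.51.100.9
2023-09-10T09:00:00 alice login_ok 198.51.100.7
2023-09-10T14:02:00 bob helpdesk_password_reset 10.0.0.5
2023-09-10T14:06:00 bob login_ok 203.0.113.50
2023-09-10T14:09:00 bob mfa_device_added 203.0.113.50
2023-09-11T08:30:00 carol helpdesk_password_reset 10.0.0.5
2023-09-11T08:40:00 carol login_ok 198.51.100.9
2023-09-12T10:00:00 alice helpdesk_password_reset 10.0.0.5
2023-09-12T18:00:00 alice login_ok 203.0.113.77
"""

def parse(log):
    """Turn whitespace-separated log lines into time-ordered event tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, action, ip = line.split()
        events.append((datetime.fromisoformat(ts), user, action, ip))
    return sorted(events)

def suspicious_after_reset(log, window=WINDOW):
    known_ips = {}   # user -> IPs seen on logins that were not flagged
    last_reset = {}  # user -> time of the most recent help-desk reset
    alerts = []
    for ts, user, action, ip in parse(log):
        reset_at = last_reset.get(user)
        in_window = reset_at is not None and ts - reset_at <= window
        # A user with no login history is treated as "new IP" on purpose.
        new_ip = ip not in known_ips.get(user, set())
        if action == "helpdesk_password_reset":
            last_reset[user] = ts
        elif action == "login_ok":
            if in_window and new_ip:
                alerts.append((user, "login_from_new_ip", ip))
            else:
                known_ips.setdefault(user, set()).add(ip)
        elif action == "mfa_device_added" and in_window:
            alerts.append((user, "mfa_change_after_reset", ip))
    return alerts
```

The alice events show the limit of a fixed window: a login from a new address eight hours after the reset is not flagged, so the window length is a tuning decision.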
Sources: Slashnext