Hackers get better at defeating two-factor authentication (2FA) security

Image of the article entitled Hackers are getting better and better at defeating your 2FA security

Photo: Daniel Mihailescu / AFP (Getty Images)

Two-factor authentication, or 2FA, was sold to web users as One of the most important And trustworthy tools to secure your digital life. maybe you know How it worksBy providing an account with not only your password but also a secondary piece of information (usually an automatic code sent to your phone or device of choice), companies can verify that whoever logs into your account is definitely you and not just someone Clumsy managed to get your personal information into their own hands.

However, according to new research, fools have unfortunately found a number of effective ways to get around 2FA protection – and they are using these methods more and more.

the study, developed by academic researchers from Stony Brook University and cybersecurity firm Palo Alto Networks, shows the recent discovery of phishing toolkits being used to hack past authentication protections. Toolkits They are malware designed to aid in cyber attacks. They are designed by criminals and are usually sold and distributed on dark web forums, where any digital freak can buy and use them. The Stony Brook study, which was originally reported by register, explains that this malware is used for phishing and to steal two-factor authentication login credentials from users of major websites on the Internet. It’s also exploding in use – researchers have found at least 1,200 different toolkits floating in the digital underworld.

Surely the cyber attacks that can defeat two-factor authentication are not newHowever, the distribution of these malicious programs shows that they are becoming more sophisticated and widely used.

Toolkits get around 2FA by stealing something arguably more valuable than your password: 2FA authentication cookies, which are files that are saved on your web browser when you perform the authentication process.

According to the study, said cookies can be stolen in one of two ways: a hacker can infect a victim’s computer with data-stealing malware, or he can steal cookies in transit– along with your password – before they reach the site trying to authenticate you. This is done by phishing the victim and capturing their web traffic through a file man in the middle Attack style that redirects theElectronic traffic to a phishing site and its associated reverse proxy server. This way, the attacker is able to get in between you and the website you’re trying to log into – thus capturing all the information that passes between you.

After a hacker silently hijacks your traffic and grabs those cookies, they can enjoy access to your account for as long as the cookie persists. In some cases – like social media accounts – this can take a long time, log notes.

This is all a little disappointing, because in recent years, the term 2FA has been so Widely seen An effective means of identity verification and account security. Then again, recent studies have also shown that many people Don’t even care With two-factor authentication (2FA) enabled in the first place, if true, it means we likely have more fish to fry in the web security department.

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button