3 min read
Navigating the Cybersecurity Maze: Your Guide to Cybersecurity Training
As the digital landscape evolves, the demand for skilled cybersecurity professionals has never been higher. Whether you're looking to pivot your...
Multifactor authentication (MFA), a longstanding bedrock of cyber defense strategy, has come under attack. While MFA remains a key and effective requirement to preventing many cyberattacks, we're seeing evidence that threat actors are beginning to develop tactics that may defeat it in certain circumstances.
MFA is a security process that requires authorized users to provide multiple forms of identification prior to gaining access to a system, application, or network. They are designed to prevent social engineering attacks that manipulate victims into transferring large sums of money or other sensitive data to criminals. Typically, MFA combines at least two of the following factors:
Despite the robust cybersecurity that MFA may provide, it's not 100% effective at all times. According to Steve Ramey, CEO of leading cybersecurity firm IronGate, organizations need to be aware of emerging criminal tactics that aim to defeat MFA:
Malware: End-user devices are infected with malware to remotely control the device. This malware can be delivered through phishing emails, malicious links or compromised websites. Once compromised, adversaries usually have full control of the device. Their objectives are multiple:
Used with permission.
Man-in-the-middle (MITM) attack: In a MITM attack. the adversary intercepts the victim's transmissions. Phishing emails are used to deliver the malicious URL, and adversary websites appear as legitimate sites with typical branding (most are cloned from real sites). Objectives include:
Organizations can deploy several strategies to counter the MFA bypass threats. IronGate's Steve Ramey outlines these three strategies:
Use of strong authenticators: Phishing-resistant MFA involves using authentication factors that aren't easily intercepted or duplicated by attackers. These factors can include hardware security keys or biometric identifiers like fingerprints or facial recognition.
Direct communication: The authentication factor communicates directly with the authentication server or service. For example, a hardware security key might use a physical connection (like USB) or a wireless protocol (like NFC or Bluetooth) to authenticate directly with the service, without the user having to enter any information that phishers could capture.
No reusable passwords: Unlike traditional MFA methods that might still rely on a password as one factor, phishing-resistant methods avoid any credentials that could be reused or intercepted. Even if a phisher tricks a user into attempting a login on a fake site, the phisher can't capture the necessary information to replicate the login elsewhere.
Cyber insurance and other insurance policies may help organizations transfer risks associated with losses stemming from social engineering and many of the latest emerging cyber threats.
Many policies provide access to crisis services, including breach coaches, IT forensics investigators and several other breach response experts. Those with cyber insurance should be mindful of claim reporting obligations, requirements to use insurance panel breach response vendors, evidence preservation and issues that may impact attorney-client privilege.
Cyber insurance applicants should be prepared for underwriting scrutiny around several cyber security controls. For more information around how to prepare, see our Cybersecurity Controls Checklist.
If your company has been attacked successfully, and a financial transfer was completed, there are a few ways to mitigate risk and exposure.
Contact us today to learn more about our Digital Forensics and Incident Response (DFIR) services.
|
Steve Ramey has spent the past two decades helping clients protect, investigate, and respond to events involving their digital interests. He has led hundreds of data breach investigations, assessed incident response and security programs, and successfully advised organizations through extortion negotiations. |
3 min read
As the digital landscape evolves, the demand for skilled cybersecurity professionals has never been higher. Whether you're looking to pivot your...
4 min read
Make Tabletop Exercises a Cost-Effective Way to Enhance Your Organization's Incident Response
1 min read
October 24, 2023 IronGate CEO Steve Ramey on PLUS Podcast Series, Season 2, Episode 1