Hackers are Getting Better and Better at Defeating Two Factor Authentication Security - Says Researchers.
Two-factor authentication, or 2FA, has been sold to web users as one of the most important and trustworthy tools for securing your digital life. You probably know how it works: By supplying an account with not just your password but also a secondary piece of information (typically an automated code texted to your phone or device of choice), companies can verify that whoever signs into your account is definitely you and not just some goon who’s managed to get their hands on your personal information.
However, according to new research, said goons have unfortunately found a number of effective ways to get around your 2FA protections—and they’re using these methods more and more.
The study, put out by academic researchers with Stony Brook University and cybersecurity firm Palo Alto Networks, shows the recent discovery of phishing toolkits that are being used to sneak past authentication protections. Toolkits are malicious software programs that are designed to aid in cyberattacks. They are engineered by criminals and typically sold and distributed on dark web forums, where any digital malcontent can buy and use them. The Stony Brook study, which was originally reported on by The Record, shows that these malicious programs are being used to phish and steal 2FA login data from users of major online websites. They’re also exploding in use—with researchers finding a total of at least 1,200 different toolkits floating around in the digital netherworld.
Granted, cyberattacks that can defeat 2FA are not new, but the distribution of these malicious programs shows that they are becoming both more sophisticated and more widely used.
Comments
Post a Comment