SolarWinds hackers have a clever way to bypass multi-factor authentication

by Dan Goodin, from Ars Technica
The hackers behind the supply chain attack that compromised public and private organizations have devised a clever way to bypass multi-factor-authentication systems protecting the networks they target.

Researchers from security firm Volexity said on Monday that they had encountered the same attackers in late 2019 and early 2020 as they penetrated deep inside a think tank organization no fewer than three times.

During one of the intrusions, Volexity researchers noticed the hackers using a novel technique to bypass MFA protections provided by Duo. After having gained administrator privileges on the infected network, the hackers used those unfettered rights to steal a Duo secret known as an akey from a server running Outlook Web App, which enterprises use to provide account authentication for various network services.
