Lapsus$ and SolarWinds Hackers Both Use the Same Old Trick to Bypass MFA

by Fnord666 from SoylentNews on (#5XN23)

Freeman writes:

https://arstechnica.com/information-technology/2022/03/lapsus-and-solar-winds-hackers-both-use-the-same-old-trick-to-bypass-mfa/

Multi-factor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor (be it a fingerprint, physical security key, or one-time password) before they can access an account. Nothing in this article should be construed as saying MFA isn't anything other than essential.
[...]
FIDO2 forms of MFA are relatively new, so many services for both consumers and large organizations have yet to adopt them.

That's where older, weaker forms of MFA come in. They include one-time passwords sent through SMS or generated by mobile apps like Google Authenticator or push prompts sent to a mobile device. When someone is logging in with a valid password, they also must either enter the one-time password into a field on the sign-in screen or push a button displayed on the screen of their phone.

It's this last form of authentication that recent reports say is being bypassed. One group using this technique, according to security firm Mandiant, is Cozy Bear, a band of elite hackers working for Russia's Foreign Intelligence Service. The group also goes under the names Nobelium, APT29, and the Dukes.
