Hackers are Finding Better Ways to Outwit 2FA—Here’s how


Although two-factor authentication remains one of the most trusted security methods, malicious users keep improving their ways to defeat it.

What is 2FA?

Web users have long viewed two-factor authentication, or 2FA, as an important and powerful tool for protecting their digital lives.

By requiring a secondary piece of information, such as an automated code texted to your phone or device, companies are able to verify that the account holder is you and not someone else who plans to attack your personal information.

Why is 2FA not secure now?

Unfortunately, according to a new study, hackers have discovered a variety of effective ways to bypass your 2FA protections, and they're using them frequently to orchestrate cyberattacks when you least expect it.

The study, authored by academic researchers at Stony Brook University and cybersecurity firm Palo Alto Networks, describes the recent detection of phishing toolkits that allow hackers to outwit two-factor authentication and other security protections.

As a reminder, toolkits are malicious software designed to assist in cyberattacks. They are created by criminals and are commonly distributed on dark web forums, where anyone can access and use them illegally.

The Stony Brook study, first reported by The Record, showed that malicious programs like these toolkits are being used to phish and steal 2FA login credentials from users of major tech giants' sites. Moreover, the number of software toolkits floating around in the digital netherworld is exploding: there are at least 1,200 of them.

Cyberattacks that defeat 2FA and other security protections are by no means new; however, the increasing sophistication and awareness of these malicious programs have led them to become more widespread as well.

How the Toolkits Work

Cyberattacks using toolkits defeat two-factor authentication by stealing information that arguably holds more value than your password: your 2FA cookies. These cookies are files that are automatically stored in your web browser when you authenticate using 2FA.

There are two possible ways they can steal the 2FA cookies:

The attacker can infect your computer with malware capable of stealing data. Or they can steal your cookies together with your password before they ever reach the website that is trying to authenticate you.

The cyberattack is executed by phishing the victim and intercepting their web traffic using a Man-in-the-Middle attack, which redirects the traffic to a phishing site as well as an associated reverse proxy server. In this way, the attacker can intercept all the information passing between you and the website you're trying to access along with your security protections.

According to The Record, as long as your cookies are still active after a hacker intercepts your traffic and snares those cookies, they can access your account. For accounts such as social media sites, that could be a long time.
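
A server-side mitigation for the cookie replay described above, as an added example that is not from the study or the original article: the session records the client context seen when 2FA completed and carries a hard lifetime. The names, the 8-hour limit, the demo key and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAX_SESSION_AGE = 8 * 3600            # assumed policy: re-authenticate after 8 hours
SERVER_KEY = b"constructed-demo-key"  # placeholder; load from a secret store in practice


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Keyed hash of the client context seen when 2FA completed."""
    msg = f"{ip}|{user_agent}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


@dataclass
class Session:
    user: str
    issued_at: int    # Unix time when 2FA succeeded
    fingerprint: str  # context the cookie was issued to


def check_request(session: Session, ip: str, user_agent: str, now: int) -> str:
    """Return 'allow', 'expired' or 'context_mismatch' for a request carrying the cookie."""
    if now - session.issued_at > MAX_SESSION_AGE:
        return "expired"           # bounds how long any stolen cookie stays useful
    presented = client_fingerprint(ip, user_agent)
    if not hmac.compare_digest(presented, session.fingerprint):
        return "context_mismatch"  # cookie presented by a different client
    return "allow"


# Constructed sample: one session, then three requests presenting its cookie.
LOGIN_TIME = 1_700_000_000
UA = "Mozilla/5.0 (constructed)"
SESSION = Session("alice", LOGIN_TIME, client_fingerprint("198.51.100.7", UA))
REQUESTS = [
    ("198.51.100.7", UA, LOGIN_TIME + 600),          # same client, 10 minutes later
    ("203.0.113.50", "curl/8.0", LOGIN_TIME + 900),  # same cookie, different client
    ("198.51.100.7", UA, LOGIN_TIME + 9 * 3600),     # same client, 9 hours later
]


def evaluate_all():
    return [check_request(SESSION, ip, ua, ts) for ip, ua, ts in REQUESTS]


if __name__ == "__main__":
    for (ip, _, _), verdict in zip(REQUESTS, evaluate_all()):
        print(ip, verdict)
```

When the login itself passed through a reverse proxy, the recorded context is the proxy's, so the lifetime cap is what limits the stolen cookie in that case. Clients that legitimately change networks will also trip the context check, so a mismatch is usually handled by asking for 2FA again rather than by a hard block.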

The whole development is a bit disappointing because, up until recently, 2FA was widely regarded as a method of identity verification and account security protection.

Recent studies have also shown that some people don't bother implementing 2FA at all, which may mean larger fish to fry in the realm of web security.

This article is owned by Tech Times

Written by Thea Felicity

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.