Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Windows Server Netlogon Exploit Code Publicly Exposed

Windows Server Netlogon Exploit Code Publicly Exposed
Read more...

Evilnum hackers targeting financial firms with a new Python-based RAT

Evilnum hackers targeting financial firms with a new Python-based RAT
Read more...

Try challenges


Register & Join The Game

Break It

Welcome to Exploit Zone


Become a ninja in the shadow !

News
  • Welcome To Exploit Zone
  • The kingdom of knowledge sharing in hacking
  • New Updates ! Stay Tunned !
  • Share your knowledge here !
  • unlash your power on our challenges !
  • Become a ninja in the Shadow !
Sign in to follow this  

PHISHING ATTACKS CAPABLE OF BYPASSING MULTI-FACTOR AUTHENTICATION INCREASE

Sign in to follow this  
AdminSec

222 views

Gmail, from Google, is one of the main services that use this login method

Network security and ethical hacking specialists from the International Institute of Cyber security ensure that malicious actors have been developing their methods to deploy phishing campaigns to the point where they are able to bypass multi factor authentication.

“There has been a significant increase in the number of phishing attacks capable of bypassing two-factor authentication (2FA)”, experts commented.

This phishing variant works by tricking the victim into revealing your password and a one-use code that protects your email account. This code of a use is very difficult to get for hackers, as it is sent to the phone number linked to the email account and expires less than a minute later.

A few months ago, Amnesty International detected a group of hackers who managed to bypass the authentication of two factors using an automatic phishing tool capable of extracting the keys and entering them on the legitimate platform. Subsequently, a network security expert launched a set of open source tools that worked in a similar way.

Because this one-use code is sent via SMS, any technique to intercept these utensils will be useful to complete the attack. Therefore, two-factor authentication is primarily vulnerable to attacks against the SMS system.

Google, which uses this authentication system for its Gmail service, is deploying a hacking prevention campaign, mainly through blocking logins from unknown locations. The company has also alerted users to possible emails with malicious links or attachments.

According to network security specialists, the best way to prevent this kind of attack is with hardware solutions, such as the USB security keys. These tools eliminate the need to receive a key by SMS, because the hardware itself works as a second way of authentication.

By Google policy, for example, all of its employees carry one of these security keys and, although their price is not the most economical, cybersecurity experts reaffirm that, so far, this is the best way to prevent phishing attacks.

The news about these phishing variants is a reminder to any user about how important it is to check what goes into your email. The operators of these campaigns will always try to impersonate legitimate services, such as streaming platforms or accounts in applications developed by third parties; It is the responsibility of each user to distinguish between legitimate and malicious content and know how to act in case of finding a phishing attempt.

  • Like 1
Sign in to follow this  


0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...