Multi-factor & Risk-based Authentication , Security Operations , Video

Multifactor Authentication Bypass Attacks: Top Defenses

Joe Toomey of Cyber Insurer Coalition Details Rise in Attacks Targeting Weak MFA
Joe Toomey, head of security engineering, Coalition

Adversaries seeking easy access to enterprise networks continue to probe for weak multifactor authentication deployments, said Joe Toomey, head of security engineering at cyber insurer Coalition.

See Also: Securing the Cloud, One Identity at a Time

"MFA is really good and important, and everyone should be using it," he said. But at the same time, prepare "to play cat and mouse" with attackers as they hunt for weak, easy-to-exploit MFA deployments.

While push fatigue attacks and SIM swapping remain common, Toomey said one-time password session hijacking is now the most prevalent type of MFA bypass attack targeting Coalition's policyholders. Easily deployed via low-cost phishing toolkits, one-time password session hijacking directs victims to proxy, look-alike websites designed to steal their password and OTP token - such as the one generated by their Microsoft authenticator app for logging into their Microsoft 365 account - so the attacker can instead log themselves into the victim's account.

In this video interview with Information Security Media Group, Toomey also discussed:

  • Risks posed by the ongoing rise in nontargeted MFA bypass attacks;
  • The business case for deploying defenses that comply with the FIDO2 standard;
  • The role of managed detection and response in safeguarding MFA, and why Coalition gives policyholders discounts for using reputable MDR providers.

Toomey is responsible for the scanning engine, security controls, attack surface management and security analyst teams at Coalition. He previously served as senior director of engineering at VMware Carbon Black and security strategist for IBM Rational, among other roles throughout his 30-year career in software development.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.