Last month, the FBI sent a special alert called a Private Industry Notification (PIN) to industry partners about the rising threat of attacks that bypass their multi-factor authentication (MFA) solutions.
"The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks," the FBI wrote in a PIN that was sent out September 17, 2019.
And they are right: at the moment there are multiple ways to bypass MFA protections. Practically all of them can be broken one way or another. The FBI alert pointed to things like SIM swapping and using flawed proxies. They gave some examples of recent incidents where MFA protections were bypassed and money was stolen from individuals and organizations.
MFA Is Still Effective And Recommended. Just Not A Silver Bullet.
The FBI made it very clear that its alert should be taken only as a precaution, and not an attack on the efficiency of MFA, which the agency still recommends that organizations use. However, they do want you to know that there are now ways the bad guys can bypass this type of protection.
"Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks," the FBI said.
Here Is Something You Can Do About This Right Now
You already know that using multi-factor authentication (MFA) can decrease your cybersecurity risk, and it is certainly a much stronger defense than traditional passwords alone. However, did you know that all MFA mechanisms can be hacked, and in some cases, it's as simple as sending a phishing email? In fact, according to Deloitte’s Cyber Threats report, 48% of cybersecurity breaches are NOT preventable by strong multi-factor authentication.
KnowBe4 has a brand-new MFA Security Assessment Tool.
The bad guys leverage phishing, gaps in your authentication process, and a host of other security vulnerabilities to bypass MFA and compromise your users’ accounts. That's why it’s crucial to understand the exact security risks your MFA solution has and how your users may be compromised so you can take action to mitigate those risks and educate and train your users.
Find out how best to defend against MFA hacks!
KnowBe4’s new Multi-Factor Authentication Security Assessment (MASA) is the only complimentary assessment tool for IT Pros to assess and uncover the specific attacks and risks your MFA solution may be vulnerable to. MASA helps you gauge your organization’s MFA security readiness and identifies the potential risks associated with your MFA implementation.
MASA leverages direct expertise from one of the market’s leading security evangelists and InfoSec consultants, Roger Grimes, KnowBe4’s data-driven defense strategist. Drawing on his 30+ years of experience in computer security and MFA risk assessments, it’s like having your very own expert consultant.
Here’s how MASA works:
- You will receive a custom link to take your assessment
- Answer a series of technology questions relevant to your MFA solution
- Get an instant high-level snapshot of potential risks with your MFA
- Receive your in-depth report packed with actionable insights and detailed analysis on specific MFA attacks and tips for your top defenses
Find out how hackable your MFA solution is now before the bad guys do!
Don't like to click on redirected buttons? Copy & paste this link into your browser:
https://www.knowbe4.com/multi-factor-authentication-security-assessment