
FBI Warns About Attacks That Bypass Multi-Factor Authentication – Slashdot

August 31, 2019 - MorningStar


FBI Warns About Attacks That Bypass Multi-Factor Authentication (zdnet.com) 6

Posted by msmash from the watch-out dept.
The US Federal Bureau of Investigation (FBI) last month sent a security advisory to private industry partners about the rising threat of attacks against organizations and their employees that can bypass multi-factor authentication (MFA) solutions. From a report: “The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks,” the FBI wrote in a Private Industry Notification (PIN) sent out on September 17. While nowadays there are multiple ways of bypassing MFA protections, the FBI alert specifically warned about SIM swapping, vulnerabilities in online pages handling MFA operations, and the use of transparent proxies like Muraena and NecroBrowser.


  • Old news (Score:2, Insightful)

    by Anonymous Coward writes:

    Why is the FBI just now issuing this alert? Even they acknowledge that this isn’t new.

    *checks date on FBI alert – September 17th*

    Why is ZDNet just now getting around to mentioning this?

    *checks date on FBI post again*

    Why is Slashdot just now mentioning … oh wait, this is the new slow Slashdot, nevermind.

    • Might as well let the good side see it too. Similar reasoning to going public with exploits… and eventually letting out more details (or threatening to) so that they actually are noticed and patched.

      Just because you don’t see it doesn’t mean it hasn’t existed for a long time.

  • I’ve wondered for some time about Proxies, transparent and visible.
    Are they a fully privileged Man in the Middle? Do they get to decrypt https? Do VPNs help? Is there a way a server can detect a proxy is in front of the client and warn the client (e.g. a banking app?)

  • Unless I misread something, it looks like this attack vector is due to two factor authentication methods which use SMS for the second part. Banks and other institutions which use their own app, or Bog-standard TOTP are completely unaffected by this attack.

    Of course, there are other attacks which can attack 2FA, mainly at the browser session level, but if one is using an authenticator, they should be OK, with the exception of places that offer recovery methods via SMS.

    In any case, 2FA definitely raises the

  • If your second factor is a telephone, you don’t actually have 2FA. After all, the second factor cannot be the same device that you’re using to sign in, because that’s the same physical device as the one with access to the first factor (the password).
