Four Ways Hackers Will Exploit Your Multi-Factor Authentication Software
How to identify potential risks and protect your data
Don’t let your guard down!
All of us use passwords to protect our data, but a password alone — even if you follow best practices — is simply not enough to offer complete protection.
Layering on multi-factor authentication (MFA) software makes the probability of a breach much lower, but the consequences of a breach of the MFA application itself can be disastrous. These sorts of security hacks are more common than you think. By using automated vulnerability scanning software like CodeHunter, you can catch the risks before they catch you.
How MFA works — adding an extra layer of security
Having a door without a lock makes little sense unless you want to invite an opportunistic thief inside. Installing a lock provides added security and installing a security system would make you even safer. MFA works similarly. Adding it to your data security system makes it much harder for cyber criminals to invade your data. Although a skilled thief or attacker could still conceivably breach your data, it would require more time, and they’d likely move on to an easier target.
MFA is a highly effective cybersecurity method, which is why so many companies are choosing to implement it in their cyber defense systems. Its benefits include a choice of security layers (time-based one-time passwords (TOTP), biometric verification, security questions, etc.), and it also helps meet certain industry regulatory compliance requirements. In short, it’s a powerful addition to any cyber defense ecosystem.
Still, we should never let our guard down when it comes to cybersecurity. While MFA is an effective way to strengthen security and lower the possibility of an attack, there is still a margin of risk in using it. Hackers can still breach MFA applications, so it’s important to scan these applications for vulnerabilities before distributing them within an organization.
A risky example
When you consider the kinds of data that an MFA would protect, such as bank account information, social security numbers, and personal devices, hackers' interest in breaking through makes sense. Lockheed Martin discovered this in 2011 after a hacker reverse engineered their one-time access algorithm:
The incident involves the use of SecurID tokens from RSA to log into accounts and may be tied to, or at least use information extracted from, an attack on RSA Security's systems back in March. Unknown (or at least unidentified) hackers broke into the EMC division's network and made off with unspecified information related to SecurID, possibly the seed used to generate one-time codes supplied by the token.
Lockheed Martin is a huge player in the aerospace industry, and the attack compromised their fighter jet computer systems. Imagine the potential catastrophes if this attack had gone unseen.
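Why a stolen seed matters, shown as an added example that is not code from this article or from RSA. SecurID's algorithm is proprietary, so the open RFC 6238 TOTP scheme stands in for it here; the Verifier class, user name and seed values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: a pure function of the shared seed and the clock."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: one seed per user, +/-1 step of clock drift, no code reuse."""

    def __init__(self, step: int = 30):
        self.step = step
        self.seeds = {}
        self.last_step = {}

    def enroll(self, user: str, seed: bytes) -> None:
        """Provision or rotate a seed; rotation invalidates every older copy."""
        self.seeds[user] = seed
        self.last_step.pop(user, None)

    def verify(self, user: str, code: str, now: int) -> bool:
        for drift in (-1, 0, 1):
            t = now + drift * self.step
            if hmac.compare_digest(totp(self.seeds[user], t, self.step), code):
                if t // self.step <= self.last_step.get(user, -1):
                    return False                 # same or older time step: replay
                self.last_step[user] = t // self.step
                return True
        return False

# Constructed values, not real secrets.
OLD_SEED = b"constructed-seed-0001"
NEW_SEED = b"constructed-seed-0002"
NOW = 1_700_000_000

def demo() -> dict:
    server = Verifier()
    server.enroll("alice", OLD_SEED)
    copied_code = totp(OLD_SEED, NOW)            # any holder of the seed gets this
    results = {"copy_accepted": server.verify("alice", copied_code, NOW),
               "replay_accepted": server.verify("alice", copied_code, NOW)}
    server.enroll("alice", NEW_SEED)             # mitigation: re-seed the token
    results["old_seed_after_rotation"] = server.verify(
        "alice", totp(OLD_SEED, NOW + 60), NOW + 60)
    return results
```

The server cannot tell a code computed from a copied seed apart from one shown on the real token, which is why seed storage deserves the same protection as a password database and why rotation is the only complete remedy after a seed leak.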
The four favored MFA hacking methods
Understanding how hackers could gain access to your MFA code is the best way for you to continue protecting your assets. There are four general ways that hackers may exploit those applications:
Social Engineering: The person using the MFA application inadvertently lets the hacker into or past the MFA. This could include phishing, baiting, quid pro quo, etc. Currently, real-time phishing attacks are the greatest threat in this category. In simple terms, this could be a proxy website placed between the secure factor and the actual site the person is trying to reach.
Legacy Protocols: This method leverages legacy protocols for attacks on cloud accounts. Many organizations continue to allow legacy protocols to support legacy devices or applications, such as copy machines, or shared accounts, such as conference rooms, which can become compromised.
Channel Hijacking: Channel hijacking attacks the victim’s phone or computer, usually with malware. PC malware can use man-in-the-browser techniques or web injects to get information. Some malware steals the MFA code from the phone. Sometimes, attackers even steal text messages via the cell tower directly, taking over the victim's phone number or hacking into their voice answering machine.
Combination: Many hackers mix and match from the categories listed above. They may even include physical attacks like copying fingerprints and accessing secret key codes to bypass security.
While some of these methods are more difficult to avoid, scanning your MFA application for known and unknown vulnerabilities is a great first step to thwarting hackers before they can succeed.
Adding even more layers of security
Building key defense protocols into your organizational security practices will help to keep your data safe. These could include:
Automatically blocking access from risky locations and networks
Automatically blocking known hackers
Applying people-centric policies to high-risk users
Enforcing more granular controls on MFA authentication, such as browser locations or VPN
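One way to express the controls listed above, together with the legacy-protocol risk described earlier, as a sign-in policy check. This is an added example, not code from the article or from any vendor; the event fields, account names, address ranges and rule order are all assumptions made for illustration.

```python
import ipaddress

# All values below are constructed for illustration.
LEGACY_PROTOCOLS = {"imap", "pop3", "smtp-auth"}    # cannot prompt for a second factor
RISKY_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]   # office LAN and VPN pool
LEGACY_EXCEPTIONS = {"copier-3f@example.com"}       # devices that truly need legacy auth
HIGH_RISK_USERS = {"cfo@example.com"}

def in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def decide(event):
    """Return (action, reason) for one sign-in attempt, most restrictive rule first."""
    user, ip, proto = event["user"], event["ip"], event["protocol"]
    if in_any(ip, RISKY_NETWORKS):
        return "block", "source network is on the risky list"
    if proto in LEGACY_PROTOCOLS:
        # Exceptions are tied to both a named account and an internal source,
        # so a stolen copier password is useless from the internet.
        if user in LEGACY_EXCEPTIONS and in_any(ip, CORPORATE_NETWORKS):
            return "allow", "approved legacy device on corporate network"
        return "block", "legacy protocol bypasses MFA"
    if user in HIGH_RISK_USERS and not in_any(ip, CORPORATE_NETWORKS):
        return "block", "high-risk user must connect through VPN"
    return "require_mfa", "modern protocol, MFA enforced"

# Constructed sign-in events.
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "ip": "198.51.100.7", "protocol": "https"},
    {"user": "alice@example.com", "ip": "198.51.100.7", "protocol": "imap"},
    {"user": "copier-3f@example.com", "ip": "10.1.2.3", "protocol": "smtp-auth"},
    {"user": "copier-3f@example.com", "ip": "198.51.100.9", "protocol": "smtp-auth"},
    {"user": "bob@example.com", "ip": "203.0.113.50", "protocol": "https"},
    {"user": "cfo@example.com", "ip": "198.51.100.20", "protocol": "https"},
    {"user": "cfo@example.com", "ip": "10.8.0.4", "protocol": "https"},
]

def evaluate(events):
    """Return the action chosen for each event, in order."""
    return [decide(e)[0] for e in events]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e["user"], e["protocol"], e["ip"], "->", *decide(e))
```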
Implementing strict cybersecurity protocols around third-party applications and scanning for unknown risks are also key to reducing risk. CodeHunter is the world’s first platform to use mathematical algorithms to seek the unknown by searching for suspicious behavior, something that traditional methods of malware detection can’t do.
As the first platform of its kind in the cyber community, CodeHunter computes the full behavior of software as executed by the CPU and makes any obfuscation, spaghetti logic, dead-end code, or other evasion techniques useless. Once that behavior is exposed, developers can determine the software’s true capabilities and keep their data safe.
Learn more about protecting your infrastructure’s MFA and other key systems by reading our white paper: How to Mitigate Risk in the Supply Chain by Testing Third-Party Software Code