Some recent news articles of interest on identity security …
Cisco Talos on frequency of MFA attacks in 2024
During the first quarter of 2024, Cisco Talos’s incident response teams saw MFA attacks in almost half of all security incidents they worked on, with fraudulent MFA push notifications in one quarter of attacks.
Using another data set from Cisco Duo deployments, Cisco also said that many MFA push notification attacks are timed for pre-work hours (e.g., 8-9am) in the hope that distracted workers will let something slip through.
See Cybersecurity Dive.
Design flaw in Microsoft Authenticator
Microsoft Authenticator, an app for safeguarding accounts with time-based tokens for MFA, has a long-standing design flaw that Microsoft doesn’t seem keen to fix. When a user scans a QR code to add a new account, but their user name is the same as one that already exists in the app, Authenticator will overwrite the most recent one. Oops. The user may not realize their loss until some time later, at which point they are most likely to blame the issuer of the code, not Authenticator. This flaw does not apply to Microsoft-issued codes.
See CSO Online.
OTP Agency founders plead guilty to charges
The three founders of the OTP Agency in the United Kingdom, a service that enabled the theft of one-time codes used for authentication, plead guilty to charges of making and supplying articles for use in fraud and money laundering. When the OTP Agency was operational, it sold a weekly subscription for bypassing multi-factor authentication safeguards and had around 2,200 members on its Telegram group.
See Forbes.
Leave a Reply