FBI: Phishing Can Defeat Two-Factor Authentication
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
Human beings can be tricked. This fact is a hard-to-patch vulnerability in many systems. And that is the tl;dr version of a notice from the FBI that recently hit industry groups.
According to the Private Industry Notification, criminals are bypassing two-factor authentication with a combination of well-known techniques including social engineering and man-in-the-middle attacks.
In addition to reminding organizations of the dangers of SIM-swapping exploits, the notice points to two new hacker tools: Mureana (named for a family of eels), which automates phishing attacks, and NecroBrowser, which helps to hijack a legitimate authentication session. Together, the tools can turn a victim's browser into a credential-stealing zombie that gives no notice to the legitimate user.
The FBI recommends that companies continue to educate users on phishing techniques and, for especially high-value accounts, use a variety of different authentication methods with tokens that regularly change.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024