Threat Intelligence

12/20/2018
12:10 PM
50%
50%

Hackers Bypass Gmail, Yahoo 2FA at Scale

A new Amnesty International report explains how cyberattackers are phishing second-factor authentication codes sent via SMS.

Amnesty International this week released a report detailing how hackers can automatically bypass multifactor authentication (MFA) when the second factor is a text message, and they're using this tactic to break into Gmail and Yahoo accounts at scale.

MFA is generally recommended; however, its security varies depending on the chosen factor. Consumers prefer second-factor codes sent via text messages because they're easy to access. Unfortunately for some, cybercriminals like them for the same reason.

Amnesty discovered several credential phishing campaigns, likely run by the same attacker, targeting hundreds of individuals across the Middle East and North Africa. One campaign went after Tutanota and ProtonMail accounts; another hit hundreds of Google and Yahoo users. The latter was a targeted phishing campaign designed to steal text-based second-factor codes.

Throughout 2017 and 2018, human rights defenders (HRDs) and journalists from the Middle East and North Africa shared suspicious emails with Amnesty, which reports most of this campaign's targets seem to come from the United Arab Emirates, Yemen, Egypt, and Palestine.

Most targets initially receive a fake security alert warning them of potential account compromise and instructing them to change their password. It's a simple scheme but effective with HRDs, who have to be on constant high alert for physical and digital security.

From there, targets are sent to a convincing but fake Google or Yahoo site to enter their credentials; then they are redirected to a page where they learn they've been sent a two-step verification code. Entering the code presents them with a password reset form. Most people wouldn't question a password change prompt from Google as it seems legitimate.

Attackers automate the full process: getting victims to log into their email accounts, obtaining the two-factor code, and prompting them to change their passwords.

It's worth noting text-based authentication is mostly unsafe for high-risk people because attackers have to pick a specific target. For corporate leaders and other folks holding sensitive data, it's worth exploring stronger methods of MFA, such as physical security keys.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6455
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.
CVE-2019-6456
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.
CVE-2019-6457
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.
CVE-2019-6458
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.
CVE-2019-6459
PUBLISHED: 2019-01-16
An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.