A recent surge in phishing attacks that successfully bypass multi-factor authentication (MFA) has been traced back to a new type of software for sale on the black market. This software allows cybercriminals to bypass one of the most widely used security measures, putting both individual users and businesses at risk. The software exploits a vulnerability in the MFA process, specifically targeting the “app-based” authentication method. As a result, even those who take precautions to protect their accounts by using MFA may still find themselves vulnerable to these sophisticated attacks.
Security experts are urging companies and individuals to be vigilant and take additional steps to protect their accounts. This includes using hardware-based security keys, which are considered more secure than app-based authentication, and implementing robust security policies to minimize the risk of successful phishing attacks. As cybercriminals continue to develop new tools and tactics, it is crucial for users to stay informed and take all necessary precautions to safeguard their sensitive information.
For more see: Software for sale is fueling a torrent of phishing attacks that bypass MFA.