Is Multi Factor Authentication A Security Placebo?
MFA has become a favorite longtime authentication protocol to be hacked.
Despite the technology’s generally sound and widely adopted design, the constant reports of MFA hacks confirm that it is far from impregnable – and security regulators victory should not be rested by treating this technology as a panacea.
Hackers have spent years scrutinizing MFA systems, promoting and leveraging them to understand how they work and where they might be vulnerable and how they can be circumvented or compromised.
Working techniques are widely traded online, with online listings (such as these five featured in DarkReading and 25 MFA hacks from Overt Software) recounting successful methods and those constantly evolving over time as hackers pivot with the MFA designers.
Their solutions range from practical to extremely complex, with some techniques heavily based on technical solutions and others heavily based on social engineering.
For example, Man-in-the-middle (MITM) attacks involve installing a proxy server that monitors authentication traffic until a valid access token is received; This token is then used to access the system. On the other hand, man-at-the-terminal attacks rely on malware that was previously installed on the terminal. Once a user is legitimately authenticated to a server, these tools establish a new remote access session that remains invisible to the user, but allows access to any of the company’s computer systems.
Other cybercriminals have hacked into the authentication API by intercepting the session ID, some even going so far as to reverse the algorithm that generates the original number and MFA cipher.
Another social engineering attack comes from SIM card swapping attacks – in which mobile phone providers are tricked into releasing a copy of the victim’s SIM card, allowing them to intercept the MFA code that is sent to the victim. sent via SMS. Among other successes, this tactic was used to steal $1 million in crypto from an unlucky investor. This year marks the discovery of a new class of purpose-built bots like OTP Agency and SMS ranger that make an automated phone call to victims about alleged unauthorized activity, then ask them to enter their current one-time password on their phone; this code is used for instant login to the target system.
The success of such attacks is far from academic:
The success of cybercriminals has caught the attention of the highest levels, with the FBI warning years ago that some types of two-factor authentication are being actively disrupted.
Reference:
Multi-factor authentication is nowhere near 100 percent effective.
Melbourne, Australia – Dec. 1, 2021
How big is the healthcare security market?
Robert Herjavec has been warning for more than a year about ransomware attacks on hospitals and healthcare providers. In 2016, his company, Herjavec Group, partnered with a journalist firm called Cybersecurity Ventures on a report indicating that ransomware damage would amount to $1 billion during the year.
In 2017, healthcare providers were the target of hackers.
As the healthcare industry continues to digitize all of its information, it continues to attract more attention from cybercriminals. This dynamic will be one of the many factors contributing to the growth of the healthcare security market over the next decade. Data thieves aim to steal financial and payment information or bank account numbers from laptops with unencrypted hard drives, or through spam or simple phishing. Today, they deploy advanced techniques, such as SQL Injections, Advanced Persistent Threats, Zero Day Exploits, and Ransomware.
Ransomware — in which an organization’s data is obfuscated by an attacker promising a price to obfuscate it — has become such a lucrative revenue stream for hackers that IDC predicts attacks. Such is aimed at healthcare organizations, that will double in size by 2018.
The firm Cybersecurity Ventures predicts that ransomware attacks against healthcare organizations will quadruple by 2020.
In its 2017 Data Breach Forecast, Experian, which provides identity protection services to consumers, predicted that ransomware will be a major concern for healthcare organizations this year, especially as these attacks have the potential to be catastrophic. “Ransomware offers an easier and safer way for hackers to withdraw funds; due to the potential for business disruption, most organizations will choose to simply pay the ransom,” the report notes.
He added: “This has unintended consequences for much of the research and development funded by attackers, who in turn develop more sophisticated and targeted attacks. “.
Atif Ghauri, CTO at Herjavec Group, a global information security company, said: “Healthcare is the most attacked industry we see today and what sets it apart is it affects people not only financially but also personally.
Ghauri warns of the risks of the Internet of Things (IoT) in healthcare. “Knowing your medical history, physical limitations, and other personal details puts people at risk. Consider only the IoT risk – a healthcare compromise could mean the death of a broken Wi-Fi heart pump or a malfunctioning smart bed in the operating room. It’s scary.
“We often educate our customers in this area about the risks of ransomware. “Over the past year, we have seen a number of hospitals being held hostage and paid ransom to regain control of their systems. We have never advocated paying ransoms with ransomware. Cybercrime law enforcement is effective today, and there’s no way to know that even if the ransom is paid you’ll get your data back.
The cost of ransomware damage is caused not only by cybercriminal activity, but also by healthcare organizations not training their staff on phishing and ransomware attacks , it does not back up data, and is generally unprepared for cyber defenses.”
Ghauri encourages healthcare organizations to strengthen their defenses and invest in staff training, technology, processes, and incident response plans to stay ahead of ransomware attacks.
Reference
Ransomware attacks on healthcare organizations are predicted to quadruple by 2020
Menlo Park, Calif. – Apr. 6, 2017 Cybercrime Magazine.
What is ICSS upto?
CyberSec101: 
Leave a comment