Cybersecurity: Your Multi-Factor Authentication May Not Save You

Here’s some scary news from Robinson + Cole regarding one of the latest innovations in cyber-attacks:

Security professionals rely on the implementation of multifactor authentication (MFA) to defend against phishing attacks and intrusions. Unfortunately, we can’t completely rely on MFA to protect us as threat actors (more specifically, ShinyHunters) are now targeting companies in technology, financial services, real estate, energy, healthcare, logistics, and retail with synchronized vishing-phishing attacks.

The newest attacks involve the threat actors pretending to be IT staff who called employees to tell them that the company was updating MFA settings. While on the phone with the employee, the threat actor directed them to a malicious credential harvesting site that spoofed the company to capture the employees’ single sign on credentials and MFA codes, then registered their device for the MFA push.

Once the bad guys have accessed the system, they do the usual bad guy stuff – download sensitive data, extort ransoms from companies, and harass employees. The blog says that this latest twist on cyber-attacks illustrates how crucial it is for companies to educate their employees on the latest cybersecurity threats in order to enable them to identify them and avoid falling prey to the bad guys.