This blog is a response to an FBI Report: Cyber Criminals Bypassing Common MFA Techniques

Author: Robert James - Senior Solution Architect, Uniken Inc.

Abstract

The FBI has warned private industry of a rise in attacks that compromise authenticator apps, an MFA technology widely regarded as a better alternative to SMS-based 2FA. Research has shown that new malware can steal the codes that software authenticators display. Traditional authenticator apps are now arguably "insecure" and "outdated", and organizations must move to a more robust authentication solution.

Authenticating a customer should be effective, but easy. It should be absolute, not best guess. The customer experience should be seamless, consistent, and secure. REL-ID provides the only invisible complete defense-in-depth secure authentication platform.

2FA – What it is and How it’s Under Attack

2FA, also known as "Two-Factor Authentication", is a security method for verifying that a user is who they claim to be. It has been in use for years across a wide range of organizations worldwide. Before we get into the details of how it is attacked, let's look at what 2FA is.


The security industry generally defines an authentication factor as something you have, something you know, or something you are. 2FA combines two of these factors. For example, you have your mobile device, and you know your username and password. Logging into a website may trigger an SMS message containing a one-time passcode (OTP) sent to your phone, which you then enter into the website to "prove" that you are the legitimate user. This uses your knowledge of the username and password plus the OTP delivered to your device, which in theory proves that you possess the device, or at least control the phone number, tied to the account.

SMS-based OTP as a second factor is arguably "outdated" and "insecure". The model has several flaws, and the recent FBI report details how easily attackers bypass SMS-based 2FA. The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. Specifically, the report states: "Over the course of 2018 and 2019, the FBI's Internet Crime Complaint Center and FBI victim complaints observed ... SIM swapping as a common tactic from cybercriminals seeking to circumvent two-factor authentication."

Understanding this, many companies and users instead opt for software authenticators such as Google Authenticator, which are generally considered more secure than SMS-based 2FA because the code is generated on the device rather than delivered over the mobile network. The FBI report and a new report from security firm Threatfabric point out that attackers are now also targeting 2FA that relies on authenticator apps, using a combination of social engineering and technical attacks.

The FBI report highlights that phishing attacks have adapted to capture and replay the one-time passcodes that authenticator apps generate, forwarding each code to the legitimate site before it expires. It even names specific tools that automate the whole process.

The Threatfabric report describes new malware designed to steal software authenticator codes by abusing Android accessibility privileges: "Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from the Google Authenticator application. When the app is running, the Trojan can get the content of the interface and can send it to the C2 [command and control] server. Once again, we can deduce that this functionality will be used to bypass authentication services that rely on OTP codes," reads an excerpt of the report.
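The three attacks above (SIM swapping, a phishing page that captures the code, and a trojan that screen-scrapes the authenticator) all end the same way: the attacker holds a short-lived code that the server cannot tell apart from one typed by the real user. The example below, added here and not code from the original post or from Uniken, implements RFC 6238 TOTP with a standards-compliant verifier (clock-drift window plus rejection of an already-used counter) and then simulates the real-time relay the FBI report describes. The secret is the RFC 6238 Appendix B test key so the generator can be checked against the RFC; the timestamps and delays are constructed for the demonstration.

```python
"""RFC 6238 TOTP verifier plus a simulated real-time phishing relay.

Added example, not code from the original post or from Uniken.
The secret is the RFC 6238 Appendix B test key ("12345678901234567890");
timestamps and relay delays below are constructed for the demonstration.
"""
import hashlib
import hmac
import struct

STEP = 30        # time step in seconds (RFC 6238 default)
DIGITS = 6
WINDOW = 1       # accept counters now-1, now, now+1 to absorb clock drift

SECRET = b"12345678901234567890"   # RFC 6238 test-vector key (constructed input)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / STEP)."""
    return hotp(key, unix_time // STEP, digits)


class Verifier:
    """Server side. Accepts a code within +/-WINDOW steps of the current counter
    and never accepts the same counter twice (RFC 6238 section 5.2)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1   # highest counter already consumed by a login

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // STEP
        for counter in range(now - WINDOW, now + WINDOW + 1):
            if counter <= self.last_counter:
                continue         # already used: a genuine replay is rejected
            if hmac.compare_digest(hotp(self.key, counter), code):
                self.last_counter = counter
                return True
        return False


def phishing_relay(verifier: Verifier, victim_key: bytes,
                   capture_time: int, relay_delay: int) -> bool:
    """The attack from the FBI report: the victim types the code shown by the
    authenticator (or SMS) into a phishing page at capture_time; the attacker
    forwards it to the real service relay_delay seconds later. The victim never
    reached the real server, so nothing has consumed the counter."""
    captured = totp(victim_key, capture_time)   # what the victim's app displayed
    return verifier.verify(captured, capture_time + relay_delay)


def replay_after_use(verifier: Verifier, key: bytes,
                     login_time: int, replay_delay: int) -> tuple:
    """Contrast case: the legitimate user logs in, then an attacker who sniffed
    the same code submits it again. Returns (first_accepted, replay_accepted)."""
    code = totp(key, login_time)
    first = verifier.verify(code, login_time)
    second = verifier.verify(code, login_time + replay_delay)
    return first, second


if __name__ == "__main__":
    t = 1111111109                                  # RFC 6238 test timestamp
    print("TOTP at T=59:", totp(SECRET, 59))        # RFC vector: 287082
    print("relay after 20 s accepted:", phishing_relay(Verifier(SECRET), SECRET, t, 20))
    print("relay after 120 s accepted:", phishing_relay(Verifier(SECRET), SECRET, t, 120))
    print("legit login, then replay:", replay_after_use(Verifier(SECRET), SECRET, t, 10))
```

The reuse check stops a straightforward replay of a code the real user has already submitted, but it does nothing against the relay: the phishing proxy forwards the code first, so from the server's point of view it is the first and only use. The only server-side knob is the validity window, and shrinking it to a few seconds breaks every user with a slightly drifted clock long before it inconveniences an automated proxy that forwards in well under a second. That is why the FBI's advice points toward authentication that does not rely on a user-typed code at all.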

REL-ID. Modern Defense-in-Depth Secure Authentication Platform

Simple 2FA is no longer secure. One of the mitigations the FBI report recommends is to "consider using additional or more complex forms of multi-factor authentication". We agree, and strongly suggest that organizations consider a modern, end-to-end secure authentication platform like REL-ID. REL-ID uses six factors of authentication and, unlike traditional authentication solutions, helps companies meet PSD2 requirements.

REL-ID uses a split private-private keypair for simultaneous, mutual authentication of the client and the server. This invisible mutual authentication then opens a session-specific, man-in-the-middle-proof secure channel, which makes your APIs go "dark" to anything that has not authenticated and eliminates attacks from unauthenticated clients. With TLS as commonly deployed, the order is connect, then authenticate: anyone can open a connection to your backend before proving who they are. With REL-ID, the client must authenticate before it is allowed to connect.


REL-ID. Built-in Intelligent Endpoint Threat Detection

REL-ID includes invisible, built-in endpoint threat detection that uses machine learning to detect zero-day malware. It can even detect systemless root and root-hiding tooling such as Magisk on Android, as well as iOS jailbreaks. Combined with the end-to-end secure channel, this delivers the highest security with the best customer experience.

The best part? It is immune to phishing attacks, the main attack vector noted by the FBI.

Conclusion: REL-ID is the Solution

Traditional 2FA is no longer secure. REL-ID is the future of authentication, providing six factors for password-less authentication and encrypted, MITM-proof secure channels, combined with industry-leading, zero-day-aware machine-learning mobile threat detection. Consider a modern, end-to-end secure authentication platform like REL-ID. REL-ID brings the best security and authentication to eliminate fraud while providing the same consistent, seamless user experience across all your business channels.


Want to learn more?

For more information, contact info@uniken.com


References:

FBI Report - https://info.publicintelligence.net/FBI-CircumventingMultiFactorAuthentication.pdf

Threatfabric - https://www.threatfabric.com/blogs/2020_year_of_the_rat.html