{"id":15200,"date":"2023-12-29T10:21:33","date_gmt":"2023-12-29T10:21:33","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-gl\/?p=13641"},"modified":"2023-12-29T10:21:33","modified_gmt":"2023-12-29T10:21:33","slug":"understanding-phishing-attacks-and-how-phishing-resistant-mfa-can-help","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-kh\/blogs\/understanding-phishing-attacks-and-how-phishing-resistant-mfa-can-help\/","title":{"rendered":"Understanding Phishing Attacks and  How Phishing-Resistant MFA Can Help"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15200\" class=\"elementor elementor-15200\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bb6f871 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bb6f871\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d67c78c\" data-id=\"d67c78c\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bc833bd elementor-widget elementor-widget-image\" data-id=\"bc833bd\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/ivaluegroup.com\/en-gl\/wp-content\/uploads\/2023\/12\/phishing-resistant-mfa-methods.jpg\" title=\"\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-075ce12 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"075ce12\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bbc03a5\" data-id=\"bbc03a5\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-37605f8 elementor-widget elementor-widget-text-editor\" data-id=\"37605f8\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p>Let\u2019s take you back to 2015, when Ukraine was a much calmer place. Relatively, because the seeds of the current war were being planted then itself with Russia\u2019s annexation of Crimea. On one not-so-fine day in December, more than 2.3 lakh (about 230,000) Ukrainians suddenly lost power for up to 6 hours. Not a big deal in India maybe, a big deal there. It turned out that attackers attributed to Russia had planted malware in a Ukrainian electric utility\u2019s network. And the way they got in was through\u2026 a simple, seemingly innocuous email, carrying a malicious attachment, sent to a utility employee.<\/p><p>\u00a0<\/p><p>Around the same time, Google and Facebook realized that they had been duped out of roughly $120 million in vendor payments. Nope, it wasn\u2019t an army of hackers hammering the seemingly impenetrable servers of these tech behemoths with brute force and DDoS attacks. It was a single man, Evaldas Rimasauskas, who over two years sent a series of fake invoices in the name of Taiwan-based Quanta Computer, an actual vendor of both companies.<\/p><p>\u00a0<\/p><p>Popular culture dictates that black-hooded cyber criminals slave away on their systems all day, hunting for the slightest technical weakness. 
But the fact of the matter is:<\/p><p>\u00a0<\/p><p><em>\u201cToday\u2019s attackers don\u2019t <strong>hack in<\/strong>, they <strong>log in<\/strong>.\u201d<\/em><\/p><p>\u00a0<\/p><p>And they log in through a variety of social engineering methods, the most common of which is <strong>phishing.<\/strong> It is an attack that steals user data, such as credit card numbers or, more relevantly here, login credentials, by manipulating the victim into handing the details over.<\/p><p>\u00a0<\/p><p>Typically, the attacker masquerades as a trusted entity and sends the victim an SMS or an email. The victim is tricked into clicking a link that leads to a look-alike login page and entering their credentials there. The attacker then uses those credentials to enter the real system and deploy malware such as ransomware. Or, if they aren\u2019t after a ransom, they simply extract the data and sell it to the highest bidder.<\/p><p>\u00a0<\/p><p>The ramifications are frightening. Decreased stock performance. Disruption of operations. Damage to your brand image. Loss of customers, assets, and IP. It\u2019s a long, depressing list.<\/p><p>\u00a0<\/p><p>Safe to say that phishing has become a real problem.<\/p><ul><li>Phishing kits and phishing-as-a-service are now standard offerings on the dark web.<\/li><li>Over 3.4 billion malicious emails are sent out daily.<\/li><li>According to a study by Norton, 88% of organizations face spear phishing attacks every year. (More on spear phishing in a bit.)<\/li><li>The India Ransomware Report 2022 calls out phishing as the major pivot point for attackers gaining initial network access.<\/li><\/ul><p>\u00a0<\/p><p>There are many types of phishing. 
Fair warning, be prepared for force-fits and oceanic puns.<\/p><ul><li><strong>Smishing<\/strong> is phishing where the attack comes through <strong>SMS<\/strong>.<\/li><li><strong>Vishing<\/strong> is through a <strong>v<\/strong>oice call.<\/li><li><strong>Spear phishing<\/strong> targets specific employees in a specific enterprise, with a message tailored to them.<\/li><li>And <strong>whaling<\/strong> is spear phishing directed at senior executives and other privileged users in that enterprise.<\/li><\/ul><p>\u00a0<\/p><p>There was a time when there were tell-tale signs that you were being phished. Spam mails loaded with typos, sketchy website names, shady messages asking you to change your password WITH IMMEDIATE EFFECT.<\/p><p>\u00a0<\/p><p>But as phishing campaigns became more and more sophisticated and less and less distinguishable from official communication, along came something to counter them, called MFA.<\/p><p>\u00a0<\/p><p><strong>Multi-Factor Authentication (MFA)<\/strong><\/p><p>\u00a0<\/p><p>An authentication method requiring users to provide two or more verification factors to gain access to a resource. Essentially, to access something, you need to have at least 2 of these 3:<\/p><ul><li>Something you know, like your password<\/li><li>Something you have, like your smartphone or a hardware key<\/li><li>Something you are (inherence), like your voice or your fingerprint<\/li><\/ul><p>\u00a0<\/p><p>The most common MFA is a password followed by a one-time password (OTP) delivered to your phone by SMS or generated by an authenticator app. Google\u2019s default is a password followed by a tap of approval on a device you have previously signed in from.<\/p><p>\u00a0<\/p><p>It drove away attackers\u2026 for a while. Then, they figured it out and came back. And boy, did they wreak havoc. In recent times, companies like Reddit, Twilio and Uber have all been subjected to MFA bypass attacks. 
Uber\u2019s attack didn\u2019t need an exploit at all: the attacker already had a contractor\u2019s password, bombarded them with MFA push prompts, then contacted them pretending to be Uber IT support and told them to approve one. Boom, they were in.<\/p><p>\u00a0<\/p><p>Here\u2019s a (shockingly) easy way that attackers bypass OTP-based MFA:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4d7ee51 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4d7ee51\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-10afe07\" data-id=\"10afe07\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-875c3e1 elementor-widget elementor-widget-image\" data-id=\"875c3e1\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/ivaluegroup.com\/en-gl\/wp-content\/uploads\/2023\/12\/1111.png\" title=\"\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0f8ea53 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0f8ea53\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a58900b\" data-id=\"a58900b\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap 
elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-367d639 elementor-widget elementor-widget-text-editor\" data-id=\"367d639\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>They lure you to a fake login page that silently proxies the real one. You enter your username and password; the attacker\u2019s proxy forwards them to the real site and logs in as you. The real site sends you an OTP, and you type it into what you think is the real page. The proxy forwards that too, and now they\u2019re in, usually walking away with your authenticated session cookie as well.<\/p><p>\u00a0<\/p><p>Truth is, there are many limitations to traditional MFA. Adversary-in-the-middle (AiTM) phishing kits that work as transparent reverse proxies (TRPs) defeat it exactly as above, because nothing ties the OTP to the site you typed it into. OTP codes are usually 4-6 digits long, so there are at most a million possibilities, and an attacker can brute-force the right code if your application\u2019s rate limiting and lockout are ineffective. And if the second factor is not bound to a particular device, as with email-based verification, an attacker who has phished the mailbox password holds both factors, and things go south very fast.<\/p><p>\u00a0<\/p><p>Here\u2019s a comparison of the different types of MFA from weakest to strongest:<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-db74a30 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"db74a30\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-53378fc\" data-id=\"53378fc\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9a957a8 elementor-widget elementor-widget-image\" data-id=\"9a957a8\" data-element_type=\"widget\" 
data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/ivaluegroup.com\/en-gl\/wp-content\/uploads\/2023\/12\/2222.png\" title=\"\" alt=\"\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f821aed elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f821aed\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2c3226c\" data-id=\"2c3226c\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-feb43f2 elementor-widget elementor-widget-text-editor\" data-id=\"feb43f2\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>And the solutions towards the right end of this spectrum are exactly what you need to safeguard your organization from phishing. They\u2019re aptly called <strong>phishing-resistant MFA<\/strong>.<\/p><p>\u00a0<\/p><p>Resistance is achieved by combining proof of identity with proof of intent through a deliberate user action (touching the key, or unlocking the device), and by binding that proof to the site it was made for. It is built on a FIDO authenticator, named after the FIDO Alliance that pioneered the standard, which uses public key cryptography instead of shared secrets.<\/p><p>\u00a0<\/p><p><strong>Public key cryptography<\/strong> uses two mathematically linked keys: a public key that can be handed to anyone, and a private key that never leaves the authenticator. For authentication, the private key signs and the public key verifies. At registration, the authenticator generates a fresh key pair for the site and the site stores only the public key. At login, the site sends a random challenge; the browser packages that challenge together with the <strong>origin<\/strong> (the domain the user is actually visiting) and the authenticator signs the package. The site verifies the signature with the stored public key and checks that the challenge is the one it just issued and that the origin is its own. That origin binding, together with binding the resulting token or session to the login, is what makes the scheme phishing-resistant. You get a certified physical token (or use the platform authenticator built into your laptop or phone), keep it with you, use it during login, and that\u2019s that. There are no shared secrets at any point in the login process, so there is nothing for an attacker to intercept and replay. Funny enough, even though this type of authentication is only recently gaining prominence, it\u2019s been around for close to a decade.<\/p><p>\u00a0<\/p><p>Let\u2019s now revisit the earlier scenario of an attacker bypassing your OTP-based MFA and replace the OTP with a FIDO-based token. Sure, the attacker\u2019s proxy may capture your password at the first hurdle, and it can even forward the real site\u2019s challenge to you. But your browser will not let a look-alike domain use a credential registered for the real site, and even if it produced a signature, that signature would carry the look-alike domain as its origin, because that is where you really are. The real site sees an origin that isn\u2019t its own and rejects it, and the attacker cannot forge a signature themselves because they never had the private key. Access is promptly denied.<\/p><p>\u00a0<\/p><p>There are many benefits to adopting phishing-resistant MFA:<\/p><ul><li>The user experience is smooth, while security is significantly increased. With FIDO2 passwordless authentication, you don\u2019t even need a password.<\/li><li>It increases security, especially when dealing with outside organizations and active\/passive third parties.<\/li><li>It supports more precise controls for access to files, internal networks &amp; other systems.<\/li><li>It gives organizations a mechanism to meet security and regulatory requirements.<\/li><\/ul><p>\u00a0<\/p><p>Sure, it requires some investment, but it removes the credential-relay and OTP-relay attacks described above and is your best bet against the perils of phishing. One caveat: it only protects the logins that use it. If a weaker fallback method or an account recovery flow is left in place, attackers will simply steer victims to that instead, so those paths need the same treatment. 
So if this article has made you a believer, and you\u2019re ready to assimilate phishing-resistant MFA into your organization, <u>click here<\/u> for tips on how to get started!<\/p><p>\u00a0<\/p><p>\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Let\u2019s take you back to 2015, when Ukraine was a much calmer place. Relatively, because the seeds of the current war were being planted then itself with Russia\u2019s annexation of Crimea. On one not-so-fine day in December, more than 2.3 lakh Ukrainians suddenly lost access to power for close to 6 hours. Not a big &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/ivaluegroup.com\/en-kh\/blogs\/understanding-phishing-attacks-and-how-phishing-resistant-mfa-can-help\/\"> <span class=\"screen-reader-text\">Understanding Phishing Attacks and  How Phishing-Resistant MFA Can Help<\/span> Read More 
\u00bb<\/a><\/p>\n","protected":false},"author":19,"featured_media":15059,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[109],"tags":[],"whitepapers":[],"case_studies":[],"acf":[],"_links":{"self":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts\/15200"}],"collection":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/comments?post=15200"}],"version-history":[{"count":0,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts\/15200\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/media\/15059"}],"wp:attachment":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/media?parent=15200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/categories?post=15200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/tags?post=15200"},{"taxonomy":"whitepapers","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/whitepapers?post=15200"},{"taxonomy":"case_studies","embeddable":true,"href":"http
s:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/case_studies?post=15200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
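The OTP relay in the "shockingly easy" bypass and the origin binding in the public-key section, as an added example in Go that is not part of the original post or any vendor's product. It models the server side only: a TOTP check that has no way of knowing where the code was typed, beside a WebAuthn-style assertion check that rejects a signature whose origin is a look-alike domain, and also rejects a replayed challenge or an unregistered key. The domains `bank.example` and `bank-login.example`, the TOTP seed, and the simplified JSON and signing layout are constructed assumptions; a real browser would additionally refuse to use a credential registered for `bank.example` on `bank-login.example` at all.

```go
// Added example, not code from the original post or any vendor: a simplified model of why
// a relayed OTP verifies while a FIDO2/WebAuthn-style assertion made on a look-alike domain
// does not. Domains, seeds and the JSON layout are constructed; real WebAuthn adds more.
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// totp returns the 6-digit RFC 6238 code (HMAC-SHA1, 30-second time step).
func totp(secret []byte, unixTime int64) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(unixTime/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	h := mac.Sum(nil)
	off := int(h[len(h)-1] & 0x0f)
	code := (binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff) % 1000000
	return fmt.Sprintf("%06d", code)
}

// verifyTOTP is all the real site can check: nothing in the code says where it was typed.
func verifyTOTP(secret []byte, code string, unixTime int64) bool {
	return hmac.Equal([]byte(totp(secret, unixTime)), []byte(code))
}

// clientData mirrors WebAuthn clientDataJSON; the browser, not the page, fills in origin.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

type assertion struct {
	ClientDataJSON []byte
	Signature      []byte // over sha256(rpID) || sha256(ClientDataJSON), like authData || clientDataHash
}

// newKeyPair models registration: the authenticator mints a key pair for this site.
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// signedBytes is the message both sides sign and verify: rpIdHash || clientDataHash.
func signedBytes(rpID string, cd []byte) []byte {
	rpHash, cdHash := sha256.Sum256([]byte(rpID)), sha256.Sum256(cd)
	return append(rpHash[:], cdHash[:]...)
}

// authenticatorSign models the security key signing what the browser handed it.
func authenticatorSign(priv ed25519.PrivateKey, rpID, origin, challenge string) assertion {
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	return assertion{ClientDataJSON: cd, Signature: ed25519.Sign(priv, signedBytes(rpID, cd))}
}

// verifyAssertion is the relying party's check: our challenge, our origin, our key.
func verifyAssertion(pub ed25519.PublicKey, rpID, expectedOrigin, issuedChallenge string, a assertion) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != issuedChallenge {
		return errors.New("challenge mismatch: stale or replayed assertion")
	}
	if cd.Origin != expectedOrigin {
		return fmt.Errorf("origin %q is not %q: assertion was made on another site", cd.Origin, expectedOrigin)
	}
	if !ed25519.Verify(pub, signedBytes(rpID, a.ClientDataJSON), a.Signature) {
		return errors.New("bad signature: not made by the registered key for this RP ID")
	}
	return nil
}

// newChallenge issues a fresh random challenge that the site remembers for this login.
func newChallenge() string {
	b := make([]byte, 16)
	rand.Read(b)
	return fmt.Sprintf("%x", b)
}

func main() {
	const rpID, real, phish = "bank.example", "https://bank.example", "https://bank-login.example"
	secret, now := []byte("constructed-totp-seed"), int64(1700000000) // constructed sample values
	pub, priv := newKeyPair()
	ch := newChallenge()
	// Proxy forwards a phished OTP unchanged: accepted. It forwards the real challenge too,
	// but the victim's browser records the phishing origin in the signed data: rejected.
	fmt.Println("relayed OTP accepted:", verifyTOTP(secret, totp(secret, now), now))
	fmt.Println("real login:", verifyAssertion(pub, rpID, real, ch, authenticatorSign(priv, rpID, real, ch)))
	fmt.Println("phished login:", verifyAssertion(pub, rpID, real, ch, authenticatorSign(priv, rpID, phish, ch)))
}
```

Run it with `go run`: the relayed OTP check reports true, the legitimate assertion verifies, and the one signed on the look-alike origin fails with an origin error. The `totp` routine can be checked against the RFC 6238 SHA-1 test vector (seed `12345678901234567890`, T=59, 6-digit code 287082).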