Social engineering attacks, when carried out by a skilled subject, are extremely difficult to counter because they target human failings rather than attempting to circumvent technological security. Multi-factor authentication (or MFA) requires users to provide at least two verification factors to access an account or resource. This is a recognized and highly recommended way to overlay security controls. However, recent attacks have shown that even with MFA, this extra layer of security can be bypassed.
What do we know about the recent attacks?
In mid-September, Uber reported a network hack that cut some internal communications and locked the codebase to prevent further code changes. The attacker allegedly targeted the contractor by sending multi-factor authentication login messages. The attacker reportedly sent several notices, sometimes referred to as “Foreign fatigue”, until the contractor agreed. Once the contractor accepted the fake two-factor login permission, the attacker was able to successfully log in. Uber says no access was made to public systems or customer data, but the investigation is ongoing.
A few days later, video game maker Rockstar Games announced that its network had also been invaded by an unauthorized third party. According to the company, the attacker managed to obtain confidential information, including footage from the beginning of the development of his popular game Grand Theft Auto. The company said work on the new game would continue as planned. The assailant behind the two attacks is believed to be a 17-year-old man who was arrested by London City Police in late September.
How to protect yourself from it?
Despite recent attacks, MFA remains an important part of a cyber defense strategy. The best defense for a business is a well-resourced, comprehensive cybersecurity program that constantly analyzes and adapts to the threats the business faces and educates staff. Security is smooth and always on the move. What may work as a defense today may not work the next. Today, flexibility and the confidence to adapt to changing threats are key elements of security. Unfortunately, there is no magic technology that can protect you from all current and future threats.
Recent attacks highlight the need for companies to control not only their own networks, but also third parties: for example, their vendors and vendors. All organizations should consider monitoring their data and credentials on the Clear Web, Deep Web, and Dark Web as they can alert you to potential data breaches or accounts that need to be reset.
Authentication methods, such as using number matching or requiring users to enter codes from authentication apps, provide stronger verification than codes sent via SMS or email, which are easier to intercept. Another option is to switch to a physical authentication key for employees.