Bypassing Multi Factor Authentication (MFA)
What is MFA and Why is it Important?
Multi Factor Authentication (MFA) is an authentication technique that requires two or more factors when verifying the identity of a user to a platform, software, resource, device, etc. With cloud technologies (SaaS, PaaS and IaaS, to name a few), MFA is quickly becoming a de facto standard for organizations with respect to user verification and authentication.
Multi Factor Authentication (MFA) Methods:
There are myriad methods that facilitate MFA as a major component of Identity and Access Management (IAM) frameworks. These include:
· SMS Messages: A unique code is sent to the cellular device of the person attempting to log in.
· Email Verification: A unique code is sent to the email address associated with the account that is being accessed.
· One Time Password (OTP): A password that can only be used once is sent to the email address associated with the account.
· Mobile Application: There are various authentication applications that can be linked to the user account; upon accessing the account, the user must give approval via the app.
· Biometrics: Fingerprints or an eye scan.
· Security Keys / Cards: Some persons have access to an authorization key or card that must either be inserted into a device upon logging in or be held in close proximity to it, using Radio Frequency Identification (RFID).
Techniques used to bypass MFA:
· Phishing attacks: Attackers often use sophisticated phishing techniques to trick users into providing their MFA credentials.
· MFA Fatigue attacks: The attacker spams a victim with repeated MFA requests, inundating them with validation requests until the user approves one — either out of habit or from fatigue.
· SIM swapping: Attackers hijack a victim's phone number by convincing the carrier to transfer it to a SIM card on a different device. This technique is becoming more common due to the widespread use of SMS-based authentication.
· Session hijacking: The attacker takes over an active business app session to bypass MFA methods entirely. Once in control of the session, they can add new MFA devices, reset passwords, and use the hijacked account to progress through the corporate network.
· Exploiting MFA flaws: Attackers find a misconfiguration or other vulnerability, usually in integrated OAuth and single sign-on (SSO) systems, that allows them to bypass the second authentication factor.
Is MFA no longer relevant?
MFA is still very relevant – however, it is not as infallible as once thought. Even when well implemented and configured, MFA can be bypassed. It is therefore imperative that organizations continue to be vigilant around IAM and user activity, especially user verification and authentication. Zero trust architectures and Artificial Intelligence (AI) models are both key to helping prevent, as well as identify, MFA exploitation attacks (for example through detections such as MFA-Failed Suspicious Sign-On, Privilege Operation Anomaly and M365 Suspicious Exchange Transport Rule, to name a few).
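The MFA fatigue technique described above leaves a recognizable trace in authentication logs: a burst of push prompts and denials for one user, often followed by a single approval. The following detector, added here as an illustration and not code from the original article or from Diagon, runs a sliding-window rule over constructed sample log lines (the log format, the field names and the threshold of three prompts in ten minutes are assumptions chosen for the example, not a real product's schema):

```python
"""Detect MFA push-fatigue patterns in authentication logs (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines, not real data. Assumed format:
# <ISO timestamp> <user> <event> <source IP>
# where event is one of push_sent, push_denied, push_approved.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z alice push_sent 203.0.113.10
2024-03-01T08:00:03Z alice push_denied 203.0.113.10
2024-03-01T08:00:20Z alice push_sent 203.0.113.10
2024-03-01T08:00:25Z alice push_denied 203.0.113.10
2024-03-01T08:00:40Z alice push_sent 203.0.113.10
2024-03-01T08:00:42Z alice push_denied 203.0.113.10
2024-03-01T08:01:00Z alice push_sent 203.0.113.10
2024-03-01T08:01:30Z alice push_approved 203.0.113.10
2024-03-01T09:15:00Z bob push_sent 198.51.100.7
2024-03-01T09:15:10Z bob push_approved 198.51.100.7
2024-03-01T10:00:00Z carol push_sent 192.0.2.5
2024-03-01T10:00:05Z carol push_denied 192.0.2.5
2024-03-01T11:30:00Z carol push_sent 192.0.2.5
2024-03-01T11:30:04Z carol push_approved 192.0.2.5
"""

# Assumed tuning values: three or more prompts inside a ten-minute window is a burst.
WINDOW = timedelta(minutes=10)
PROMPT_THRESHOLD = 3


def parse_line(line):
    """Split one log line into (timestamp, user, event, source_ip)."""
    ts, user, event, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, ip


def detect_push_fatigue(log_text, window=WINDOW, threshold=PROMPT_THRESHOLD):
    """Return {user: alert} for every user whose push prompts reach the
    threshold within the window. The alert records the largest burst seen,
    how many prompts were denied, and whether an approval landed after the
    burst began (the moment an MFA fatigue attack succeeds)."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, event) in window
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, user, event, ip = parse_line(line)
        q = recent[user]
        q.append((ts, event))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        prompts = sum(1 for _, e in q if e == "push_sent")
        denials = sum(1 for _, e in q if e == "push_denied")
        if prompts >= threshold:
            alert = alerts.setdefault(user, {
                "first_seen": ts, "max_prompts": 0, "denials": 0,
                "approved_after_burst": False,
            })
            alert["max_prompts"] = max(alert["max_prompts"], prompts)
            alert["denials"] = max(alert["denials"], denials)
            if event == "push_approved":
                alert["approved_after_burst"] = True
                alert["approved_at"] = ts
                alert["approved_from"] = ip
    return alerts


def severity(alert):
    """A burst that ended in an approval warrants immediate session review;
    a burst of denials alone still signals a credential that is compromised."""
    return "high" if alert["approved_after_burst"] else "medium"


if __name__ == "__main__":
    for user, alert in detect_push_fatigue(SAMPLE_LOG).items():
        print(user, severity(alert), alert)
```

Carol's two prompts are 90 minutes apart and never accumulate inside one window, so only Alice is flagged; her approval after four prompts and three denials is the pattern the article calls fatigue, and the "high" severity is what should trigger revoking the session and re-verifying the user. In a real deployment the prompt count and window would be tuned against the organization's normal push volume, and the denied prompts alone (the "medium" case) already indicate that the first factor has been compromised.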
At Diagon we work with our clients to build a zero trust architecture and use AI models to detect and prevent MFA attacks.
Contact us for more information.
Diagon Consulting LTD webpage: https://cyber.diagonconsulting.com/
Written by: Brett Ramirez and Sebastian Ramsawak