
2FA undermined by hackers

Now a standard for social networks and cloud platforms, two-factor authentication (2FA) consists of validating the connection via SMS or email. This method was able to stop hackers for a while, but the situation has visibly changed. Tools specially designed to circumvent this protection have emerged.

Hackers bypass 2FA using phishing

The hidden side of the Internet, or Dark Web, is full of tools available to hackers. Providers on this underground side of the Web offer phishing programs. Concretely, what is on offer includes personal data that allows hackers to carry out complex attacks. This information is stolen via spyware or other systems.

The facts were proven by Stony Brook University. Researchers have discovered the existence of phishing tools marketed on the Dark Web by specialists in the fraudulent practice. This malicious code can even bypass two-factor authentication. For several years, Google, Facebook, PayPal, Microsoft and other Internet players have put their faith in 2FA.

The contribution of Palo Alto Networks allowed the researchers to discover the scheme. Thanks to this security company, they compiled a list of some 1,200 phishing sites. These sites pose as the Family Allowance Fund, the tax service, etc. They bypass 2FA in order to collect banking details or extract sensitive personal data.

Two-factor authentication is used by hackers

Initially intended to strengthen security, authentication by SMS or email is being hijacked by hackers. They use it to obtain phone numbers and other sensitive information. In addition to phishing, hackers also use voice phishing. This technique allows them to get their hands on the random code intended for the account holder. It is a sophisticated approach that demonstrates the firm determination of cybercriminals to achieve their objectives. Victims have personal information stolen or lose money.


Hacking a Google or Microsoft account becomes child’s play for some hackers. They are now moving on to banking details and health insurance. The smartest among them put into practice the “man-in-the-middle attack”, or MITM. The scheme consists of using a reverse proxy server whose purpose is to divert traffic intended for the targeted person’s computer. A channel is thus established and it becomes easy to intercept the authentication codes. Among hackers too, there is no stopping progress!
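
Why a code sent by SMS or email gives no protection once traffic passes through an intermediary, shown as an added example that is not part of the original article: the server can only check the code itself, whereas a response tied to the site the browser is actually on fails on a look-alike page. The origins, function names and the HMAC scheme are assumptions; the HMAC is a simplified stand-in for origin-bound authenticators such as FIDO2/WebAuthn, which use public-key signatures.

```python
import hashlib
import hmac
import secrets

REAL_ORIGIN = "https://login.example.com"               # constructed
LOOKALIKE_ORIGIN = "https://login.example-secure.test"  # constructed

def issue_code() -> str:
    """Random six-digit code the service sends by SMS or email."""
    return f"{secrets.randbelow(10**6):06d}"

def verify_code(issued: str, submitted: str) -> bool:
    """The server sees only the digits, not the path they travelled."""
    return hmac.compare_digest(issued, submitted)

def sign_login(device_key: bytes, challenge: bytes, origin: str) -> bytes:
    """Authenticator response covering the challenge AND the page origin."""
    message = challenge + b"|" + origin.encode()
    return hmac.new(device_key, message, hashlib.sha256).digest()

def verify_login(device_key: bytes, challenge: bytes, response: bytes) -> bool:
    """The server recomputes the response for its own origin only."""
    expected = sign_login(device_key, challenge, REAL_ORIGIN)
    return hmac.compare_digest(expected, response)

def simulate(page_origin: str) -> dict:
    """page_origin is the site the user's browser is really displaying."""
    # One-time code: the user types what they received into whatever page
    # is in front of them; anything in between forwards it unchanged.
    issued = issue_code()
    code_ok = verify_code(issued, issued)

    # Origin-bound response: the authenticator signs the origin it sees,
    # so a response produced on another site does not match.
    device_key = secrets.token_bytes(32)
    challenge = secrets.token_bytes(16)
    response = sign_login(device_key, challenge, page_origin)
    bound_ok = verify_login(device_key, challenge, response)
    return {"one_time_code": code_ok, "origin_bound": bound_ok}

if __name__ == "__main__":
    for origin in (REAL_ORIGIN, LOOKALIKE_ORIGIN):
        print(origin, simulate(origin))
```
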