Is MFA enough? – the need for multiple cyber security layers.

by | Mar 29, 2024 | News, Security

At Kinetics, we’ve always emphasized the importance of multi-factor authentication (MFA) as a critical layer in cybersecurity. Without MFA, it’s only a matter of time before you fall victim to a cyber attack.

However, as we’ve also mentioned, no single defense is enough. Cybersecurity needs to be layered, and that includes MFA.

Without MFA, you WILL get hacked – it is only a matter of time.

But MFA by itself is not enough.

Recently, cybercriminals have been using a platform called “Tycoon 2FA phishing-as-a-service” to target Microsoft 365 and Gmail accounts, bypassing two-factor authentication. This platform is similar to earlier phishing kits like “Dadsec,” indicating code-sharing among the hacker community.

The latest version of Tycoon 2FA, released in 2024, shows a continuous effort to improve its stealth capabilities. It leverages 1,100 domains and has been identified in numerous phishing attacks. These attacks typically follow a multi-step process:

  1. Attackers distribute malicious links via emails with embedded URLs or QR codes, tricking victims into accessing phishing pages.
  2. A security challenge filters out bots, allowing only human interactions to proceed to the deceptive phishing site.
  3. Background scripts extract the victim’s email from the URL to customize the phishing attack.
  4. Users are quietly redirected to another part of the phishing site, which presents a fake Microsoft or Google login page to steal credentials.
  5. The kit mimics a 2FA challenge, intercepting the 2FA token or response to bypass security measures.
  6. Finally, victims are directed to a legitimate-looking page, obscuring the phishing attack’s success.
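Step 3 above gives defenders something concrete to look for: a link that carries the recipient's own address inside the URL so the kit can pre-fill the fake login page. The script below is an added example, not code from this post or from Kinetics, showing how a mail-filtering pipeline could triage embedded links on that signal. The allowlisted hosts, the sample message and the assumption that the address may appear plain, percent-encoded or base64-encoded in the path, query or fragment are all constructed for illustration; real kits may encode it differently.

```python
"""Heuristic triage of URLs embedded in inbound mail (added example).

Flags links that carry the recipient's own e-mail address inside the URL
(plain, percent-encoded or base64-encoded) AND point at a host outside the
organisation's allowlist. A recipient address on a trusted login host is
normal (e.g. a login_hint parameter), so both conditions are required.
"""
import base64
import re
from urllib.parse import unquote, urlsplit

# Constructed allowlist: hosts the organisation expects in genuine sign-in links.
TRUSTED_HOSTS = {"login.microsoftonline.com", "accounts.google.com"}

# Simple URL extractor for plain-text mail bodies (assumption: no HTML parsing).
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _b64_variants(text: str) -> set[str]:
    """Standard and URL-safe base64 encodings of text, with and without padding."""
    raw = text.encode()
    out = set()
    for enc in (base64.b64encode, base64.urlsafe_b64encode):
        s = enc(raw).decode()
        out.add(s)
        out.add(s.rstrip("="))
    return out


def url_carries_address(url: str, address: str) -> bool:
    """True if the address appears in the path, query or fragment of the URL."""
    parts = urlsplit(url)
    # Percent-decode so 'alice%40example.com' is seen as 'alice@example.com'.
    tail = unquote(parts.path + "?" + parts.query + "#" + parts.fragment)
    if address.lower() in tail.lower():
        return True
    # base64 is case-sensitive, so compare those variants exactly.
    return any(variant in tail for variant in _b64_variants(address))


def triage_message(body: str, recipient: str) -> list[dict]:
    """One finding per URL in the body, with the reasons it was flagged."""
    findings = []
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        reasons = []
        if host not in TRUSTED_HOSTS:
            reasons.append("untrusted host")
        if url_carries_address(url, recipient):
            reasons.append("recipient address embedded in URL")
        findings.append({
            "url": url,
            "host": host,
            "reasons": reasons,
            # Only the combination is treated as a phishing indicator.
            "suspicious": len(reasons) == 2,
        })
    return findings


def suspicious_urls(body: str, recipient: str) -> list[str]:
    """Convenience wrapper returning just the URLs to quarantine or rewrite."""
    return [f["url"] for f in triage_message(body, recipient) if f["suspicious"]]


# Constructed sample: one clean link, one phishing-style link carrying the
# recipient address base64-encoded in the fragment, one genuine-looking
# login link that carries the address as a login_hint on a trusted host.
SAMPLE_RECIPIENT = "alice@example.com"
SAMPLE_BODY = """Your mailbox password expires today.
Review here: https://accounts.google.com/signin
Verify now: https://verify-m365-mail.example/auth/#YWxpY2VAZXhhbXBsZS5jb20=
Or sign in: https://login.microsoftonline.com/?login_hint=alice%40example.com
"""

if __name__ == "__main__":
    for finding in triage_message(SAMPLE_BODY, SAMPLE_RECIPIENT):
        print(finding["suspicious"], finding["host"], finding["reasons"])
```

In a real deployment this check would sit beside URL rewriting or a sandbox detonation rather than replace them: it only catches kits that personalise the landing page through the link, and the "security challenge" in step 2 means automated detonation may never see the final page, which is exactly why the layered controls described below matter.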

At Kinetics, our KARE Foundation defends you with DNS scrubbing, a browser extension, and geo-blocking, among other tools, to protect your organization from these types of attacks. Stay vigilant and stay protected with Kinetics.

Read more:

https://www.bleepingcomputer.com/ne…ing-kit-targets-microsoft-365-gmail-accounts/

https://blog.sekoia.io/tycoon-2fa-a…-the-latest-version-of-the-aitm-phishing-kit/
