The data breach first emerged in late June when the hacking group ShinyHunters posted a dump of 33 million phone numbers to BreachForums, now confirmed to be taken from an Authy API endpoint.
Cisco Duo customers may have had VoIP and SMS MFA logs exposed to an attacker in early April. Third party breach is the result of one of the provider's employees being phished. The attackers then seemed to target the MFA logs of specific clients of interest.
Okta has warned about social engineering attacks by sophisticated actors targeting super administrators by tricking service desk staff into resetting multi-factor authentication for privileged users.
One of the most significant barriers for cybercriminals when trying to compromise a user account is Multi-Factor Authentication (MFA). But what happens when users are overrun by notifications? Enter MFA bombing attacks to exploit MFA fatigue.
MFA can be circumvented by modern identity attack techniques. Thwarting cyber attackers starts by understanding the techniques they rely on to bypass MFA protected users, and responding with a holistic, well-rounded identity security strategy that can fill these gaps.
Lateral movement has been a common factor in breaches, using identity as a universal attack vector to traverse environments unchecked. Organizations must have full visibility of the threat posed by identity and proactively wrap MFA round exposed assets.
Given that compromised credentials are a leading cause of cyber attacks, many cyber insurance underwriters are looking for robust privileged access management (PAM) and multifactor authentication (MFA) controls before pricing out their policies.
Many cyber insurance providers are now requiring basic security hygiene from their customers. One of those requirements is multi-factor authentication (MFA), which adds a layer of protection to sign-in processes.
The quick transition to the Zero-Trust model is mainly fueled by remote work, cloud adoption and an increase in deploying devices in recent years. Having the right security solutions to support a Zero-Trust strategy is critical. Here are three keys to implement a Zero-Trust approach successfully.