Category: 2FA

Google 2FA Breach: Rethink Authentication Security

Posted on by Srishti Chaubey

In today’s digital landscape, safeguarding our online presence is paramount. Two-factor authentication (2FA) has emerged as a crucial tool in this endeavour. Platforms like Google and Facebook offer 2FA to bolster account security. However, there have been multiple incidents revealing vulnerabilities in this system, prompting concerns among users.

The Case of the Bypassed 2FA

Recent reports unveiled breaches in Gmail and YouTube accounts despite 2FA activation. This revelation underscores a fundamental truth: security with passwords, along with 2FA or MFA is fallible. Hackers continuously adapt their tactics, exploiting weaknesses even in trusted systems like 2FA.

Credit : Forbes

Understanding the Bypass

While the exact method remains undisclosed, hackers may employ various strategies to circumvent 2FA. According to Forbes, It’s probable that these users fell prey to what’s known as a session cookie hijack attack. Typically initiated through a phishing email, hackers direct victims to a counterfeit login page. Upon entering their credentials, users are prompted to complete a simulated 2FA challenge, which they unwittingly comply with.

The Role of Vigilance

Despite these challenges, I would personally suggest moving away from systems that solely rely on 2FA for authentication. But in the extreme case where abandoning 2FA is not the solution, users must adopt additional measures to enhance their security posture.

Secure Alternative to 2FA/MFA

As we have seen numerous instance of 2FA & MFA getting by passed, enterprises need better methods to secure access to their resources. PureAUTH Secure IAM platform provides Zero Trust -Passwordless access and protects enterprises from following type of attacks

  1. Password Spraying & brute forcing attacks
  2. Credential Phishing, Push fatigue and Adversary in the middle attacks
  3. Public Key replacement attacks targeted at solutions using Public Key based authentication like FIDO keys
  4. Social Engineering attacks to reset user credentials and reset or disable MFA/2FA
  5. Abuse of shared credentials or leaked credentials and in general credential stuffing attacks

Elevating Security: Going Beyond 2FA

Security is an ongoing journey, requiring a multifaceted approach. While the challenges of bypassing 2FA are evident, there’s a growing trend towards passwordless authentication methods. Embracing secure identity and access management technologies, adopting a zero-trust architecture are some promising alternatives. By adapting these alternatives and staying vigilant, users can reinforce their online security against the ever-evolving tactics of cyber criminals.

PureID offers solutions that curate a robust defence against unauthorised access, heralding a more secure digital future for organizations. Embrace the resilience of passwordless authentication, reinforce your security posture with PureID, and navigate the cybersecurity landscape with renewed strength. The journey continues—Passwordless Authentication awaits.

Read Also

Breach Chronicles: MongoDB’s Unsettling Security Saga Unfolds

Securing Cloud Environments: Lessons from the Microsoft Azure Breach

Posted on by Srishti Chaubey

Introduction

In the wake of the recent Microsoft Azure breach, it has become increasingly evident that organizations must prioritise enhancing their security posture to mitigate the risk of similar incidents in the future. This breach, attributed to compromised passwords & MFA manipulation, underscores the critical importance of implementing passwordless authentication solutions to strengthen overall security.

The Breach

The breach unfolded through a series of sophisticated maneuvers executed by cyber criminals to exploit weaknesses in Azure’s security framework. Initially, phishing emails targeted mid and senior-level executives, enticing them into disclosing their login credentials unwittingly. 

Armed with these credentials, attackers gained unauthorised access to Azure accounts, despite the presence of multi-factor authentication (MFA). By circumventing MFA and substituting victims’ MFA settings with their own, attackers maintained undetected access to Azure resources. 

They further obscured their identities using proxies, evading detection while seizing control of sensitive data and cloud resources.

This helps attackers bypass any poorly designed adaptive authentication solution relying on IP based access restriction or re-authentication.

How Microsoft Azure was Breached

The Lessons

  1. Phishing: Implement Phishing-Resistant Authentication Methods
    • Organisations must adopt phishing-resistant authentication methods to combat prevalent phishing attacks. Staff training alone may not suffice, necessitating solutions that minimise the risk of credential theft.
  2. Credential Theft: Go Passwordless
    • Enhanced credential security with multi-factor authentication is insufficient. Robust password management practices and adaptive MFA solutions have been and will continue to be breached unless you eliminate credentials altogether. Passwordless solutions are the optimal choice for enterprises, as they have been for quiet some time now. Both enterprises and individuals must recognise and adopt it as a standard practice.
  3. MFA Replacement: Implement Continuous Monitoring and Anomaly Detection
    • When you’re using credentials, it’s crucial to keep an eye on them. Continuous monitoring and anomaly detection play a vital role here. They help spot any unauthorised changes in MFA settings promptly, preventing any further access.
  4. Masking Location Using Proxies: Strengthen Adaptive Authentication Checks
    • Strengthening adaptive authentication checks is vital to detect suspicious activities like masked locations. Geo-location based authentication or behavioural biometrics can enhance authentication accuracy.
  5. Cloud Account Takeover: Implement Zero Trust Security Architecture
    • Implementing a Zero-trust security model is crucial to verify every access request, regardless of source or location. Granular access controls and continuous monitoring can mitigate the impact of cloud account takeovers.

Moving Forward

In the aftermath of this breach, organizations must prioritise fortifying their security posture to prevent similar incidents. While passwordless authentication solutions offer promising alternatives, organizations should also concentrate on strengthening existing security protocols, conducting regular security audits, and enhancing employee awareness to mitigate future threats effectively.

Conclusion

The breach of Microsoft Azure serves as a stark reminder of the imperative for proactive cybersecurity measures in safeguarding sensitive data and mitigating the risk of unauthorised access. 

By embracing passwordless authentication solutions and implementing a holistic security strategy, organizations can enhance their resilience against evolving cyber threats and safeguard their invaluable assets effectively.

Cloudflare Breach: Okta’s Ripple Effect

Posted on by Srishti Chaubey
Abstract

In a recent revelation, Cloudflare disclosed a security breach on Thanksgiving Day, November 23, 2023. This blog delves into the timeline of events and emphasises the critical role of passwordless authentication in mitigating such breaches.

Breach Overview: Understanding the Thanksgiving Intrusion

In an orchestrated attack, threat actors exploited stolen credentials from the Okta security breach in October. Cloudflare’s internal systems, particularly the Atlassian server, became the focal point for unauthorised access and data compromise.

Compromised Credentials: The Fallout on Cloudflare’s Security

Despite the awareness of the Okta breach, Cloudflare’s failure to rotate service tokens that have very long validity and account credentials allowed threat actors to establish persistent access. This breach impacted Cloudflare’s Atlassian environment, leading to unauthorised access to sensitive documentation and a limited set of source code repositories.

Nation-State Attribution and the Real Culprit: Passwords

Cloudflare attributes the breach to a likely nation-state actor, mirroring the recent trend in cyber threats. However, one can suggest that the fundamental issue lies in the continued reliance on a vulnerable authentication method, which enables such breaches to unfold.

Highlighting the Key Issue: The Perils of Passwords

The breach underscores the inherent vulnerability of conventional password systems. Stolen Okta credentials served as the gateway for threat actors, exposing the limitations of password-centric security measures. This incident highlights the urgent need for organisations to transition towards passwordless authentication solutions & short session validity to fortify their security posture.

It’s the painful experience of passwords based login which forces admins and users to choose long term session tokens to minimise the number of logins.

PureID Solution: A Glimpse into a Secure Future

PureID offers a robust passwordless authentication solution that would have mitigated this breach. By eliminating the relevance of stolen credentials, PureID represents a paradigm shift in cybersecurity, providing a secure alternative to traditional password systems.

PureAUTH offers a simple & smooth login experience. This makes working with short term sessions and frequent login delightful.

Risk Mitigation: The Imperative of Passwordless Security

Cloudflare’s breach serves as a wake-up call for organizations to reevaluate their cybersecurity strategies. Embracing passwordless solutions, such as PureID, emerges as a proactive step to mitigate the risks associated with stolen credentials and enhance overall security.

Immediate Response: Cloudflare’s Security Reinforcement

In response to the breach, Cloudflare has initiated a comprehensive security reinforcement effort. Measures include mass credential rotation, system segmentation, forensic triage, and a meticulous review of all systems to ensure the threat actor’s access is fully revoked.

Ongoing Investigation: Collaboration for a Secure Future

Cloudflare’s ongoing collaboration with peers, law enforcement, and regulators emphasises dedication to assessing the breach’s full impact. This collaborative approach aims to implement additional preventive measures and adapt to the evolving landscape of cyber threats.

Conclusion: Advocating for Passwordless Security

The Cloudflare breach underscores the critical need to shift from traditional passwords and false passwordless systems to true passwordless authentication that can not be breached by stolen credentials. Passwordless solutions, like PureID, offer a robust defence against unauthorised access, heralding a more secure digital future for organisations.

Read Also:

Unpacking Okta’s Recent Security Breach
Okta Breach Part 2: Unveiling the Full Scope and Impact

MongoDB Security Incident: Navigating the Aftermath

Posted on by Srishti Chaubey

Breach Chronicles: MongoDB’s Unsettling Security Saga Unfolds

On December 13, 2023, MongoDB, a prominent US-based open-source NoSQL database management system provider, faced a substantial security incident. This breach of MongoDB Atlas, a fully-managed cloud database, unfolded as unauthorised access infiltrated corporate systems, laying bare customer account metadata and contact information. The assailants employed a cunning phishing attack, exploiting support service applications. The consequences were dire – a trove of sensitive data, including customer names, phone numbers, and account details, left exposed in the turbulent aftermath of this cyber storm.

MongoDB Steps Explained

Intrusion Footprints: A List of IPs Disclosed

In a proactive move, MongoDB disclosed a comprehensive list of external IP addresses on their alerts page. These IPs were strategically employed by the unauthorised third party. Organisations are strongly advised to meticulously scrutinise their networks, diligently searching for any ominous signs of suspicious activity intricately linked to these disclosed IPs. If you spot these IPs, you’ve got unwelcome guests. Remember it’s time to act, and act fast.

MongoDB Breach

Phishing & Social Engineering – The Achilles’ Heel of Multi-Factor Authentication

MongoDB issues a resolute counsel to its user base, emphasising the critical need to bolster defences against the looming threats of social engineering and phishing. In response, the company advocates the implementation of multi-factor authentication (MFA), urging users to promptly update their MongoDB Atlas passwords as an additional layer of security.

Phishing attacks or social engineering can bypass and disable all types of MFA solutions, as seen time and again. The security incident under discussion started with phishing attacks. So implementing MFA will have zero security advantage but will only increase the cost, efforts and complexity of authentication.

GoPasswordless – The best protection for MongoDB

Going passwordless with PureAUTH will benefit in 2 broad ways to protect MongoDB or any other enterprise applications –

  1. Secure Authentication – PureAUTH offers passwordless authentication which is secure from phishing & social engineering attacks.
  2. Resilience in case of data breach – If data from the database like MongoDB is leaked due to mis-configurations, 0-day vulnerability or insider attacks etc, the adversary will not find any passwords, MFA seeds, swap-able public keys, or any usable data to carry out unauthorised access elsewhere.

Conclusion

Amidst the gloom, MongoDB presents a silver lining: Passwordless Authentication. It’s a call to transcend traditional password reliance for a more secure future. Fortify your defences with passwordless security. MongoDB users, the future beckons. Embrace the resilience of passwordless authentication, reinforce your security posture with PureID, and navigate the cyber security landscape with renewed strength. Passwords? Pfft, that’s so yesterday. The journey continues—Passwordless Authentication awaits.

2FA Evading Malwares on the rise

Posted on by Khush Bhatt

Writing after a long gap. We were engaged with Black Hat, DEFCON 28 & Blockchain Village 2020 remotely in #SAFEMODE. This was a great experience.

In my previous blog I had mentioned that in-mobile phishing apps stealing credentials are getting mainstream. Two weeks ago the media around the world was raked with the news of a new family of malware – Black Rock, stealing credentials from a wide variety of applications, not limited to the Banking sector only.

Malware

2FA Evading Malware Pedigree

We list families of Malware which are not only stealing passwords but also evading the conventional 2FA (Two Factor Authentication).

Malware FrameworkTarget ApplicationTarget AttributeImpactMore Reference
Black RockApp Related to Finance/ Banking Appssend, spam and steal SMS messages, inserts keyloggersCan steal otps and passwordsThreat Fabric
EventBotBanking, pPayment, money transfer, Cryptocurrency WalletsSMS, 2FA code/OTPs, *TAN codesCompromise of Banking application. FinanceCybereason
TrickMo/TrickBotTransactional AppsTransaction Authorization CodesCan be responsible for financial loss or can lead to unwanted transactionsIBM X-Force
Loki BotApp Related to Finance/ Banking Appssend, spam and steal SMS messages, inserts keyloggersCan steal otps and passwordsThreatfabric
RyukInitially to Email apps and then to Whole Machine/PCSystem filesInserts payloads and affects your system and asks for ransomDuo Security
CerberusGoogle Authenticator App2FA CodesCompromise of any platform associated with Google authenticator 
TechXplore

There are various malwares which are detected every month with different functions, These 2FA Evading Malwares are challenging organizations no matter if you add an extra factor on top of your passwords you are still vulnerable.

Cerberus Malware is in fact targeting Google Authenticator and compromising the class of apps relying on it.

SMS based OTPS are being phased out since 2017, due to an increase in SIM swapping attacks and industry started moving on TAN based authentication. PushTAN being the most popular. In this writeup we have seen that mobile app based trojans are stealing the temporary tokens rather than swapping SIM.

2FA

2FA fails to protect spare/phishing attacks

When it comes to protection against phishing or spear-phishing attacks targeting credentials, 2FA becomes irrelevant. Our founder Ajit Hatti in an interview with Mike Scialom discussed the spare phishing attacks racking UK politics.

PureID authentication system design is resistant to such malware as authentication happens using PKI and no credentials are involved.

Here is a demo video on how PureID can be useful for login without passwords more securely making sure no such malwares can do attacks like phishing, credential stealing or bypassing 2FA.

Conclusion

Time and again it has been proven that enterprises opting for 2FA for securing passwords end up increasing cost for enterprises, complexity for administrators, inconvenience for users and authentication remains insecure.

© 2024 | PureID. All Rights Reserved

Privacy & Terms | Licenses