SoylentNews

Freeman [soylentnews.org] writes:

https://arstechnica.com/information-technology/2022/03/lapsus-and-solar-winds-hackers-both-use-the-same-old-trick-to-bypass-mfa/ [arstechnica.com]

Multi-factor authentication (MFA) is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor—be it a fingerprint, physical security key, or one-time password—before they can access an account. Nothing in this article should be construed as saying MFA isn’t anything other than essential.
[...]
FIDO2 forms of MFA are relatively new [arstechnica.com], so many services for both consumers and large organizations have yet to adopt them.

That’s where older, weaker forms of MFA come in. They include one-time passwords sent through SMS or generated by mobile apps like Google Authenticator or push prompts sent to a mobile device. When someone is logging in with a valid password, they also must either enter the one-time password into a field on the sign-in screen or push a button displayed on the screen of their phone.

It’s this last form of authentication that recent reports say is being bypassed. One group using this technique, according [mandiant.com] to security firm Mandiant, is Cozy Bear, a band of elite hackers working for Russia’s Foreign Intelligence Service. The group also goes under the names Nobelium, APT29, and the Dukes.

Original Submission