Multifactor authorization can also be cracked
Recently in the news: the American Institute for Cybersecurity discovered that hackers got through multifactor authorization. You know the system from logging into your bank, for example: after logging in, you get another login code via SMS. Substitute many cloud services for “bank” and it is immediately obvious why this raises eyebrows, to say the least. Multifactor authorization is basically secure: the hacker must have the phone in addition to the name and password to log in. But it is and remains software, and security can be bypassed.
How do you do that?
The question is: how? Most likely, a valid session was hijacked. The hacker got hold of the session cookie and was therefore already authenticated. The hacker then changed e-mail rules to find out other passwords at the company. Using the example of the bank: if you are on your PC doing your banking (after getting in through double authorization), installed malware sends data to the hacker, who can use it to get in. And once inside, the hacker can change all kinds of settings.
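A defender-side check for the scenario above, as an added example that is not part of the original post: it flags a session that passed the second factor on one client and is then used from another, with mail-rule changes rated highest. The event fields and action names are a constructed schema, not any real cloud service's log format.

```python
# Constructed audit events; field and action names are assumptions,
# not a real cloud service's log schema.
EVENTS = [
    {"ts": 1, "user": "alice", "session": "s-100", "ip": "198.51.100.7",
     "agent": "Firefox/Windows", "action": "login_mfa_ok"},
    {"ts": 2, "user": "alice", "session": "s-100", "ip": "198.51.100.7",
     "agent": "Firefox/Windows", "action": "read_mail"},
    # Same session cookie, but a client that never went through MFA.
    {"ts": 3, "user": "alice", "session": "s-100", "ip": "203.0.113.50",
     "agent": "python-requests", "action": "read_mail"},
    {"ts": 4, "user": "alice", "session": "s-100", "ip": "203.0.113.50",
     "agent": "python-requests", "action": "create_mail_rule"},
    {"ts": 5, "user": "bob", "session": "s-200", "ip": "192.0.2.10",
     "agent": "Chrome/macOS", "action": "login_mfa_ok"},
    {"ts": 6, "user": "bob", "session": "s-200", "ip": "192.0.2.10",
     "agent": "Chrome/macOS", "action": "create_mail_rule"},
]

# Actions an intruder typically uses to keep or widen access.
SENSITIVE = {"create_mail_rule", "change_password", "add_mfa_device"}


def find_reused_sessions(events):
    """Flag events where a session is used by a client other than the
    one that completed the MFA login for that session."""
    mfa_client = {}  # session id -> (ip, agent) that passed MFA
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        client = (ev["ip"], ev["agent"])
        if ev["action"] == "login_mfa_ok":
            mfa_client[ev["session"]] = client
            continue
        expected = mfa_client.get(ev["session"])
        if expected == client:
            continue  # same client that authenticated: nothing to report
        findings.append({
            "ts": ev["ts"], "user": ev["user"], "session": ev["session"],
            # No recorded login at all is also suspicious (expected is None).
            "reason": "no_mfa_login_seen" if expected is None else "client_changed",
            "severity": "high" if ev["action"] in SENSITIVE else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_reused_sessions(EVENTS):
        print(finding)
```

A changed IP address alone also occurs legitimately, for example on mobile networks, so a "medium" finding is a prompt for review rather than proof of a hijacked session.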
Cloud is basically accessible
The above happened at a cloud service, which is not surprising. By definition, cloud services are accessible online and widely known. The chance of this happening at a major cloud service like Google or Amazon is therefore many times higher than the chance of a hack into your own company's Virtual Private Network (VPN). One trend: in cases like this, a first hacker tries to get in somewhere and obtain passwords. After this data is sold, the really tough cybercriminals get to work. See our previous blog on Emotet.
Incidental, for now
Granted, so far these are incidents. The point is that cracking multifactor authorization is also possible and is happening. A foolproof system simply does not exist. The only thing that helps is an airgap. If your online environment is hacked (think of Office 365, for example), it is wise to have something to fall back on.
Cloud or on premise?
The cloud absolutely has a right to exist: its advantages have proven themselves. But keeping on-premise data offline definitely has advantages too! Using both is, of course, an excellent solution. It’s nice to have access to business documents and private photos anytime, anywhere, but you don’t want to lose either of them.
Want to know more?
We are happy to tell you all about Silent Bricks. Contact us with no obligation at all!