Double authentication is not the ultimate guarantee of security


The standard security layer on many mailboxes is no longer much of an obstacle for hackers. Hackers recommend adding an extra step.

Let it be said right away: a password alone is no longer enough to protect an account or a mailbox. What about two-factor authentication, then? For a few years now, whether on Gmail, Outlook or Facebook, you have been able to require a second password when logging in to a session. Generally, you receive a message with a one-time password, or an authentication prompt to approve on your smartphone. At first glance, this security step should block any outside connection. That is underestimating hackers. In fact, two-factor authentication has not been stopping hackers for a few years now.

Hackers from the notorious Lapsus$ group, known for stealing data from Microsoft, and the Russian hackers of Nobelium, responsible for the SolarWinds attack, have managed to circumvent two-factor authentication when logging in to the email services of victim companies.

Pascal Le Digol, France director of WatchGuard, describes some techniques: “Common methods include social engineering. The hacker stands between the site and the user to directly retrieve the connection code. He can, for example, deceive him by sending a fake page where the victim will type in a password. We have identified other processes, such as the ability to redirect SMS to connect by paying or hacking the operator.”

“Add new steps”

Many other techniques exist and have been put into practice by hackers. Brute force – a bot constantly generating new combinations – can be used to try thousands of codes until the right one turns up. Theft of a session cookie can allow the hacker to recover passwords in use. Simpler still, if a hacker gets into your email by finding the credentials on the darknet, he can bypass 2FA on certain accounts by resetting the password. Criminals have even managed to copy the signal of a 2FA authentication device that asks its owner for a click. Obviously, this requires enormous resources and a lot of time from hackers. Robert A. Grimes, cybersecurity expert, details twelve ways to break double authentication in an online report.
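The brute-force and replay points above come down to how the server checks the code, not how the user types it. As an added example (not from the article or from any vendor it mentions), the following Python implements RFC 6238 TOTP verification with the two server-side controls that blunt code guessing: a failed-attempt lockout and a refusal to accept the same code twice. The secret, the attempt limits and the timestamps are constructed for the demo.

```python
import hmac, hashlib, struct

DIGITS = 6
STEP = 30            # TOTP time step in seconds (RFC 6238 default)
MAX_FAILURES = 5     # failed guesses allowed before the account locks (assumed policy)
LOCKOUT_SECONDS = 300

def totp(secret: bytes, now: float, step: int = STEP) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, dynamically truncated."""
    counter = struct.pack(">Q", int(now // step))
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class OtpVerifier:
    """Server-side check that limits guessing and refuses replayed codes."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.failures = 0
        self.locked_until = 0.0
        self.used = set()        # time counters whose code was already accepted

    def verify(self, submitted: str, now: float) -> bool:
        if now < self.locked_until:
            return False         # locked out: the code is not even evaluated
        for drift in (-1, 0, 1):  # tolerate one step of clock skew either way
            counter = int(now // STEP) + drift
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(expected, submitted):
                if counter in self.used:
                    break        # same code presented again: treat as a failure
                self.used.add(counter)
                self.failures = 0
                return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT_SECONDS
        return False
```

With a six-digit code there are only a million possibilities, so the lockout, not the code length, is what makes the bot's "thousands of attempts" fail.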

Biometrics adds an extra layer of security, but requires you to hand your fingerprints over to a company. (Source: CNIL)

“It’s all about the security layer. The more we add, the more we complicate the task for the criminal. The hacker thinks about profitability; he looks for the attack that requires the least time and resources. Some even take pleasure in finding innovative methods to circumvent a 2FA,” explains Pascal Le Digol.

Naturally, the Internet user cannot set up multilayer authentication on every site. For one thing, it would ruin the user experience; for another, users can only work with the tools they are given, and not every site offers 2FA. For sensitive accounts, experts recommend MFA – multi-factor authentication – which requires typing a code plus another verification step: answering a question, providing a fingerprint or touching a USB security key. Obviously, the most talented hackers are already finding maneuvers to circumvent these barriers. We have to face the facts: it is an endless competition between cybersecurity companies and hackers.
