Followers

Thursday, 10 January 2019

Two- Factor authentication not a silver bullet!

In a quest to make online accounts safer, many services now offer two-factor authentication. The system typically sends a code to a user's mobile phone that they need log in, along with a username and password.

Cybersecurity professionals have advised enabling two-factor to add an extra layer of security — but according to at least one expert, this may not be a silver-bullet. Kevin Mitnick, who was once the FBI's most wanted hacker and now helps companies defend themselves, found that two factor authentication can be vulnerable.


"Just by enabling two-factor authentication, you can't relax…a smart attacker could get access to your account," Mitnick said in an interview with CNBC. He is the chief hacking officer at KnowBe4, a cybersecurity company that trains people to spot phishing, or spoofed emails.

The attack begins when a cybercriminal sends an email that looks real, and asks the receiver to click on a link.

Once the user clicks on the link, they are directed to log into the real website, including entering the code sent to their cellphone. Secretly, however, the log in went through the hacker's server and they were able to get the session cookie, the expert explained.

Mitnick used LinkedIn to demo the attack for CNBC, but said many other websites are also vulnerable. The email he clicked on looked like a real LinkedIn connection request — but actually came from a fake domain, lnked.com. He said most people may not realize the difference.

In a statement, Mary-Katharine Juric, a LinkedIn spokesperson, told CNBC that the professional network took Mitnick's demonstration "very seriously," and that LinkedIn has "a number of technical measures in place to protect our members from fraudulent activity including phishing scams."



Source:
www.cnbc.com

No comments:

Post a Comment

Softech Middle East FZC Announces Partnership with SolarWinds

Softech Middle East FZC to offer SolarWinds comprehensive IT management and monitoring solutions to partners and customers in Pakistan Sof...