Recently, the FBI sent out a special briefing called a Private Industry Notification (PIN) to industry partners about the rising threat of attacks that bypass their multi-factor authentication (MFA) solutions.
“The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks,” the FBI wrote in the PIN that was released on September 17, 2019.
The FBI made it very clear that the Private Industry Notification should be taken only as a precaution, and not an attack on the efficacy of MFA. The FBI still recommends that organizations use MFA. However, they do want you to be aware that there are ways the bad guys can bypass this type of protection.
It is unfortunately true that there are currently multiple ways to bypass MFA protections. The FBI briefing pointed out methods like SIM swapping and using flawed proxies as a few of the known exploits. They also gave some examples of recent incidents where MFA protections were bypassed and money was stolen from individuals and organizations.
“Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks,” the FBI stated.
At LeafTech, we have many tools to help mitigate the weak points in your security environment. From email filtering that targets phishing and social engineering scams, to the training your team needs to recognize when cyber actors may be attempting nefarious activity, to continuous cloud-based backups to protect you from ransomware, we have your business covered.
Give LeafTech a call to discuss your cybersecurity needs and goals, or to schedule your Multifactor Vulnerability Assessment.