This week the FBI released a statement in which it warned the public of a new string of cyber attacks. Banks in particular got the warning, saying that multi-factor authentication can and will be bypassed by hackers. Multi-factor authentication is the process of logging in to your private accounts. The website or company verifies your identity by asking for a password, and then another form of identification. A popular method is the security question, which requires an answer to personal information only you know. For example, a bank might ask “what is the name of your first pet?”. Hackers had no way of getting past the second step, until now.
The statement read, “The primary methods are social engineering attacks, which attack the users, and technical attacks, which target web code”. Social engineering attacks come in the form of a fake email or website. They rely on the user to give them their information without them knowing it. The web code attacks are different, and the hackers have to gain access to the companies data itself to grab what’s necessary to bypass the second authentication. In one cyber attack, the FBI reports, “The attacker entered a manipulated string into the Web URL setting the computer as one recognized on the account”. They go on to say, “This allowed him to bypass the PIN and security question pages and initiate wire transfers from the victims’ accounts.” Because of this, companies need a better method of verification.
The FBI recommends using IP addresses or geolocation to better secure the websites. This is extremely important in today’s modern world. Everything we do is online, from managing money to communication. If these things are compromised, our society would have a huge problem on its hands.
Article Link: https://www.bankinfosecurity.com/fbi-cybercriminals-are-bypassing-multifactor-authentication-a-13226