Two-Factor Authentication Can’t Stop This Phishing Attack

May 11, 2018

KnowBe4’s chief hacking officer Kevin Mitnick released a video that should send shudders down the spine of anyone using 2-factor authentication.

Using a standard attack mode, in this case a spoofed invitation to connect from LinkedIn, Mitnick demonstrates how a hacker can bypass multi-factor authentication by dint of session recording malware.

This hack captures all the information needed for an account takeover: user name, password and the authenticated session cookie that is issued after 2-factor authentication has been completed by a user. That cookie allows an attacker to then simply insert the session code and make LinkedIn (or any other site) think that the attacker’s machine is legit. After all, it has a cookie that proves the authenticity of the page request.
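Because the stolen cookie is presented from a different machine than the one that completed 2-factor authentication, a site operator can look for a session ID whose client changes mid-session. The following is an added example, not part of the original post: the log format, field order and sample lines are constructed for illustration, and since a User-Agent string can be copied, the result is a triage signal rather than proof.

```python
# Constructed sample access log (not real data):
# timestamp, session cookie id, client IP, User-Agent
SAMPLE_LOG = """\
2018-05-11T09:00:02Z,sess-A,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Chrome/66
2018-05-11T09:00:40Z,sess-A,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Chrome/66
2018-05-11T09:01:15Z,sess-A,203.0.113.50,Mozilla/5.0 (X11; Linux x86_64) Firefox/59
2018-05-11T09:01:30Z,sess-A,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Chrome/66
2018-05-11T09:05:00Z,sess-B,192.0.2.10,Mozilla/5.0 (iPhone) Safari/604
2018-05-11T09:20:00Z,sess-B,192.0.2.99,Mozilla/5.0 (iPhone) Safari/604
"""

RANK = {"review": 1, "high": 2}


def find_replayed_sessions(log_text):
    """Flag sessions later used by a client other than the one they were issued to.

    Returns {session_id: (severity, timestamp, ip)} for the most severe deviation.
    """
    bound = {}     # session id -> (ip, user agent) of first request, where 2FA completed
    findings = {}
    for line in log_text.strip().splitlines():
        ts, sid, ip, ua = line.split(",", 3)
        if sid not in bound:
            bound[sid] = (ip, ua)
            continue
        first_ip, first_ua = bound[sid]
        if ua != first_ua:
            severity = "high"    # same cookie, different browser: likely replay
        elif ip != first_ip:
            severity = "review"  # same browser, new network: may be roaming or VPN
        else:
            continue
        previous = findings.get(sid)
        if previous is None or RANK[severity] > RANK[previous[0]]:
            findings[sid] = (severity, ts, ip)
    return findings


if __name__ == "__main__":
    for sid, (severity, ts, ip) in find_replayed_sessions(SAMPLE_LOG).items():
        print(f"{severity:6} {sid} first deviated at {ts} from {ip}")
```

A "high" finding is a natural point to invalidate the session server-side and require the user to authenticate again.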

The upshot: Employees need to be constantly drilled on the dangers of phishing.

We all have a built-in forgetter when it comes to this persistent, yet common, threat. Real-time tests are a must. While hacks are the third certainty in life, there are many ways to make your attackable surface smaller. Prime among them: continuing education. To borrow from Peter Drucker, culture continues to beat strategy when it comes to cybersecurity.

For a fascinating blow-by-blow of this hack, watch the video here.
