Matrixforce Pulse

Stop Office 365 Multi-Factor Login Bypass

[Image: Satya Nadella, Microsoft]

There are two common questions that we hear daily, despite constant TV, movie, news, and social media coverage of the topic:

1) What’s MFA?

2) How did hackers bypass my MFA?

Password Protection

Multi-Factor Authentication (MFA) is simply protection for your password. Today it is typically your password (something you hopefully know) plus an authenticator app on your phone (something you have): enter your password, then tap Approve on your phone.

Even if a hacker guesses your password, they don't have your authenticator and can't get logged in. Unfortunately, Microsoft reports that as many as 68% of Office 365 subscribers still don't have MFA enabled, even though it is enforced by default and the legacy basic authentication protocols that don't use MFA were deprecated on June 30, 2022.

You should have MFA enabled for every service you use on the web, with a backup phone-call method to a different number and an alternate e-mail address so you can't be locked out of your account.

Bypassing MFA

The example for this article is Office 365, but the approach is the same for any type of service. Unfortunately, many people, and even some supposed cybersecurity gurus, think that MFA makes you immune to attacks.

The reality is that once you have logged in with MFA, one or more authentication cookies are stored on your computer. If you click a malicious link in an e-mail or land on an infected website, hackers can gain access to your computer and copy those cookie files. With the cookies alone, and without your password or your authenticator, a hacker can access your Office 365 account, and any resources or data your permissions allow, from any computer in the world.
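Because a stolen cookie carries the already-satisfied MFA claim, the tell-tale sign in your sign-in logs is the same session suddenly appearing from a new location with no fresh MFA prompt. The following is an added detection example, not code from the original post or from Microsoft; the sign-in records are constructed and simplified, and the field names (`session_id`, `mfa`, `country`) are assumptions rather than the exact Office 365 sign-in log schema.

```python
# Added example: flag Office 365 sign-ins that look like a replayed session cookie.
# The records below are constructed; field names are simplified assumptions and do
# not match the real sign-in log schema one-for-one.
from collections import defaultdict

# "mfa" records whether the user was freshly prompted ("prompted") or the existing
# session satisfied the requirement ("previously_satisfied"), which is what a
# stolen cookie produces when reused from another machine.
SIGN_INS = [
    {"user": "alice@example.com", "session_id": "s-1001", "ip": "203.0.113.10",  "country": "US", "mfa": "prompted",             "time": "2022-07-01T09:00:00Z"},
    {"user": "alice@example.com", "session_id": "s-1001", "ip": "203.0.113.10",  "country": "US", "mfa": "previously_satisfied", "time": "2022-07-01T11:30:00Z"},
    {"user": "alice@example.com", "session_id": "s-1001", "ip": "198.51.100.77", "country": "NL", "mfa": "previously_satisfied", "time": "2022-07-01T11:42:00Z"},
    {"user": "bob@example.com",   "session_id": "s-2002", "ip": "203.0.113.20",  "country": "US", "mfa": "prompted",             "time": "2022-07-01T08:15:00Z"},
    {"user": "bob@example.com",   "session_id": "s-2002", "ip": "203.0.113.20",  "country": "US", "mfa": "previously_satisfied", "time": "2022-07-01T13:00:00Z"},
    {"user": "carol@example.com", "session_id": "s-3003", "ip": "203.0.113.30",  "country": "US", "mfa": "prompted",             "time": "2022-07-01T10:00:00Z"},
    {"user": "carol@example.com", "session_id": "s-3004", "ip": "198.51.100.5",  "country": "DE", "mfa": "prompted",             "time": "2022-07-01T10:20:00Z"},
]


def find_replayed_sessions(sign_ins):
    """Return {(user, session_id): details} for sessions that were reused from a
    second IP or country without a fresh MFA prompt.

    A legitimate traveller (carol) gets a NEW session and a NEW MFA prompt from the
    new country, so she is not flagged. A replayed cookie (alice) keeps the ORIGINAL
    session id and shows MFA as already satisfied from the new location.
    """
    by_session = defaultdict(list)
    for rec in sign_ins:
        by_session[(rec["user"], rec["session_id"])].append(rec)

    flagged = {}
    for key, recs in by_session.items():
        recs.sort(key=lambda r: r["time"])
        origin = recs[0]  # the sign-in that actually passed MFA for this session
        for rec in recs[1:]:
            moved = rec["ip"] != origin["ip"] or rec["country"] != origin["country"]
            if moved and rec["mfa"] == "previously_satisfied":
                flagged[key] = {
                    "origin_ip": origin["ip"],
                    "reused_from": rec["ip"],
                    "countries": sorted({r["country"] for r in recs}),
                }
                break  # one hit per session is enough to raise an alert
    return flagged


if __name__ == "__main__":
    for (user, session), info in find_replayed_sessions(SIGN_INS).items():
        print(f"ALERT {user} session {session}: MFA session reused from {info['reused_from']}")
```

On a hit, the response is to revoke that user's sessions so the copied cookie stops working, then reset the password and re-register MFA.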

Stop MFA Bypass

1) Answer "No" to the "Stay signed in?" question so that persistent authentication cookies are not stored.

2) Alternatively, use InPrivate browsing to access Office 365, which deletes all cookies when the session is closed.

3) Think twice, or ask the sender, before clicking links or opening attachments, even when they arrive via encrypted e-mail.

One of the best ways to lower risk is also to implement Safe Links and Safe Attachments protection.

Preparing for E-mail Compromise

People are human and they make mistakes. Responding to e-mail compromise is something that every organization should practice regularly:

To see how to stop being a sitting duck and instead take control of your security, simply call us at 918-622-1167 or go to Matrixforce (Bookings) to set up a quick call, and we’ll walk you through your options.
