The Pros and Cons of Multifactor Authentication (MFA)
The COVID-19 pandemic has pushed many organizations into a work-from-home model. This has in turn led to increased reliance on multifactor authentication (MFA) to secure RDS and VPN connections. While MFA has many security benefits, it also carries risks of its own.
How does MFA Work?
Multifactor authentication (MFA) is an additional layer of security added to an account. A standard account requires only a username and password. That has become a weakness because of brute-force attacks, in which an attacker uses a computer to try password guesses automatically until one succeeds.
When MFA is active, a login from an unfamiliar device also requires a one-time code, either sent to the user's registered phone number or generated by an authenticator app. An attacker who has brute-forced the password therefore still cannot get into the account, because they do not hold the second factor. Codes delivered by SMS are the weaker option, since a phone number can be hijacked by a SIM-swap attack; an authenticator app or hardware token does not have that exposure.
Even so, MFA is not infallible. Researchers at Proofpoint disclosed vulnerabilities in MFA implementations that let attackers bypass authentication when accessing cloud environments through WS-Trust, giving access to services such as Microsoft 365. WS-Trust (Web Services Trust Language) is a legacy web-services protocol for requesting and issuing security tokens. Microsoft has itself acknowledged that WS-Trust is insecure by current standards: the user ID and password are sent as plain credentials in the request, and the protocol relies on transport encryption during the first step of authentication.
Proofpoint stated that, if exploited, the vulnerabilities would give an attacker full access to the victim's Microsoft 365 account, including mail, online files and contacts, and could also expose services such as Azure and Visual Studio.
According to the researchers, the vulnerabilities could be exploited simply by spoofing the client IP address, or by changing the User-Agent header so that the identity provider (IdP) classified the request as a legitimate authentication flow. In either case, the IdP labelled these connections "modern authentication" even though a legacy protocol was in use, and the MFA requirement was not enforced. This was not the first time Office 365 authentication had been circumvented: in May 2020 a phishing campaign abused OAuth 2.0 application consent to get around MFA.
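As an added illustration (not Proofpoint's research code or Microsoft's implementation), the following hypothetical policy engine shows why the two tricks above work against any identity provider that derives "where is this user" from X-Forwarded-For and "which protocol is this" from User-Agent, both of which the client controls. It is placed next to a version that decides from the endpoint actually called and the address the connection actually came from. The networks, proxy address, endpoint path and requests are all constructed for this example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# --- Hypothetical tenant policy, constructed for this example -------------------------
TRUSTED_NETS = [ip_network("203.0.113.0/24")]          # office egress range (RFC 5737 doc space)
TRUSTED_PROXIES = {ip_address("198.51.100.10")}        # our own reverse proxy (hypothetical)
LEGACY_PATHS = {"/legacy/ws-trust/issue"}              # hypothetical password-only WS-Trust style endpoint
BROWSER_MARKERS = ("Mozilla/", "Chrome/", "Safari/")   # what a naive "modern auth" heuristic looks for


@dataclass
class Request:
    path: str
    remote_addr: str                 # address the TCP connection actually came from
    headers: dict = field(default_factory=dict)


def in_trusted_net(ip) -> bool:
    return any(ip in net for net in TRUSTED_NETS)


def naive_policy(req: Request) -> str:
    """Vulnerable: both inputs to the decision are chosen by the client.

    Location is read from X-Forwarded-For and protocol from User-Agent, so an
    attacker hitting a legacy endpoint with a browser-looking UA and a forged
    XFF header is treated as a trusted, modern-auth sign-in: 'allow' with no MFA.
    """
    ua = req.headers.get("User-Agent", "")
    first_hop = req.headers.get("X-Forwarded-For", req.remote_addr).split(",")[0].strip()
    claimed_ip = ip_address(first_hop)
    is_modern = any(marker in ua for marker in BROWSER_MARKERS)
    if not is_modern:
        return "deny"                                  # intended to block "legacy protocol" clients
    return "allow" if in_trusted_net(claimed_ip) else "require_mfa"


def client_ip(req: Request):
    """Honour X-Forwarded-For only when the connection came from our own proxy,
    and then take the right-most entry, which is the one that proxy appended."""
    src = ip_address(req.remote_addr)
    xff = req.headers.get("X-Forwarded-For")
    if xff and src in TRUSTED_PROXIES:
        try:
            return ip_address(xff.split(",")[-1].strip())
        except ValueError:
            pass                                       # malformed header: fall back to the transport address
    return src


def hardened_policy(req: Request) -> str:
    """Decide from facts the client cannot forge: the endpoint it actually called
    and the address it actually connected from."""
    if req.path in LEGACY_PATHS:
        return "deny"                                  # a password-only endpoint cannot present an MFA challenge
    return "allow" if in_trusted_net(client_ip(req)) else "require_mfa"


# Constructed requests. 192.0.2.44 stands for the attacker's real address.
SPOOFED_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/85.0 Safari/537.36"
ATTACK_LEGACY = Request("/legacy/ws-trust/issue", "192.0.2.44",
                        {"User-Agent": SPOOFED_UA, "X-Forwarded-For": "203.0.113.25"})
ATTACK_MODERN = Request("/login", "192.0.2.44",
                        {"User-Agent": SPOOFED_UA, "X-Forwarded-For": "203.0.113.25"})
OFFICE_DIRECT = Request("/login", "203.0.113.25", {"User-Agent": SPOOFED_UA})
OFFICE_VIA_PROXY = Request("/login", "198.51.100.10",
                           {"User-Agent": SPOOFED_UA, "X-Forwarded-For": "203.0.113.25"})

if __name__ == "__main__":
    for name, req in [("attacker, legacy endpoint", ATTACK_LEGACY),
                      ("attacker, modern endpoint", ATTACK_MODERN),
                      ("office, direct", OFFICE_DIRECT),
                      ("office, via proxy", OFFICE_VIA_PROXY)]:
        print(f"{name:28s} naive={naive_policy(req):12s} hardened={hardened_policy(req)}")
```

The difference is where the facts come from: the transport address and the URL path are properties of the connection the IdP itself accepted, while headers are free text supplied by whoever is on the other end. Blocking legacy endpoints outright, rather than trying to recognise them heuristically, closes the gap the User-Agent trick relies on.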
OAuth (Open Authorization) is the authorization framework that lets a third-party application obtain delegated access to a user's data without the user handing over their password. In the phishing campaign, a promised salary bonus was the lure that got victims to grant a malicious app that access; because the app receives its own access token once the user consents, the attacker never has to pass the login, or the MFA challenge, themselves.
The phishing email prompted users to click a link leading to an Office login page. After logging in, users were asked to allow a web app to access their Office 365 account. Once permission was granted, the attackers had access to the user's Microsoft 365 account. What makes this style of consent phishing convincing is that the login and consent screens are the real Microsoft pages; only the application asking for permission is malicious.
Protecting Yourself from MFA Attacks
Despite these weaknesses, MFA remains an excellent first line of defense against cyberattack. According to Microsoft, MFA blocks over 99.9% of account compromise attacks.
To avoid falling victim, educate staff on common phishing techniques so they can recognise social engineering. Both attacks above also point to configuration steps: disable legacy authentication protocols such as WS-Trust where they are not needed, and restrict which applications users are allowed to grant consent to.
GIGE Corporation can help you identify and remedy network vulnerabilities. Call us at +1 888 366 4443 or email us at email@example.com for a consultation today.