A team of researchers has revealed that it came across more than 1,200 phishing toolkits being sold online by cybercriminals who claim the kits can intercept and bypass two-factor authentication (2-FA) security codes.
2-FA has become a central focus within cybersecurity circles today; anyone looking to protect their online accounts is expected to understand and implement it in order to fully protect their personal data.
The belief that 2-FA is unbeatable stems from the fact that almost all digital platforms have encouraged their users to enable it as a critical step towards keeping cybercriminals out of their online accounts.
The main reason 2-FA is highly recommended by cybersecurity experts and online platforms across the board is its operational framework, which uses two different levels of security codes.
The first level is the password that a user sets for their online account, while the second is the randomly generated code that they receive (either via text message or from a code generator like Google Authenticator) during login attempts.
Because the account owner is the only person who can know the random code, it is presumed that their account will be kept safe from potential hacks even if their password is compromised.
In all fairness, 2-FA is quite robust as a basic cyber defense against regular hackers. The unfortunate news is that threat actors have developed new ways to bypass 2-FA, and that toolkits for doing so are being sold online across the dark web.
First reported by The Record, the new study conducted by academics from Stony Brook University and the cybersecurity company Palo Alto Networks came across numerous phishing toolkits that can be used to hack 2-FA setups.
It turns out that the toolkits contain malicious code that gives a threat actor the capability to carry out a sophisticated cyberattack against their target. The hacks are designed to steal 2-FA authentication cookies from a computer system, which would allow the cybercriminal to bypass 2-FA security.
The researchers noted that a successful 2-FA bypass can be done through Man-in-the-Middle (MITM) attacks that allow a hacker to redirect internet traffic from a target’s computer via a phishing site that implements a reverse proxy server.
The attacker creates a channel between the target system and the phishing website and sits right in the middle of the “transaction”, watching every movement of information between the two points. The hacker then steals the victim’s 2-FA security codes along the way.
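As an added illustration (not from the study or the article), the sketch below shows one server-side check a defender can run against the cookie theft described above: it flags a session cookie that is later presented by a different client than the one that completed 2-FA. The log format, field names and sample events are constructed assumptions.

```python
import json

# Constructed sample events (hypothetical application log, one JSON object per line).
# In a reverse-proxy phish the site sees the proxy's address at "mfa_ok", and the
# stolen cookie is later replayed from the attacker's own client.
SAMPLE_LOG = """\
{"ts": 1, "event": "mfa_ok", "session": "s-alice", "ip": "198.51.100.7", "ua": "Firefox/121"}
{"ts": 2, "event": "request", "session": "s-alice", "ip": "198.51.100.7", "ua": "Firefox/121"}
{"ts": 3, "event": "mfa_ok", "session": "s-bob", "ip": "203.0.113.50", "ua": "Chrome/120"}
{"ts": 4, "event": "request", "session": "s-bob", "ip": "192.0.2.99", "ua": "python-requests/2.31"}
{"ts": 5, "event": "request", "session": "s-alice", "ip": "198.51.100.8", "ua": "Firefox/121"}
{"ts": 6, "event": "request", "session": "s-unknown", "ip": "192.0.2.4", "ua": "curl/8.4"}
"""

def find_replayed_sessions(log_text):
    """Return (ts, session, reason) alerts for cookies used away from the 2-FA client."""
    bound = {}   # session id -> (ip, ua) recorded when 2-FA succeeded
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        sid = ev.get("session")
        ctx = (ev.get("ip"), ev.get("ua"))
        if ev.get("event") == "mfa_ok":
            bound[sid] = ctx
        elif ev.get("event") == "request":
            if sid not in bound:
                # Cookie in use with no 2-FA completion on record.
                alerts.append((ev.get("ts"), sid, "no_mfa_record"))
                continue
            ip_changed = ctx[0] != bound[sid][0]
            ua_changed = ctx[1] != bound[sid][1]
            if ip_changed and ua_changed:
                # Strongest signal: a wholly different client holds the cookie.
                alerts.append((ev.get("ts"), sid, "ip_and_ua_changed"))
            elif ip_changed or ua_changed:
                # Weaker signal (roaming, browser update): review, do not block.
                alerts.append((ev.get("ts"), sid, "partial_change"))
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

A proxy that forwards the victim's user agent leaves only the IP change visible, so the `partial_change` alerts still deserve review alongside other signals.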