To understand how MFA protects against cyberattacks, let’s first review how these cyberattacks work:
Phishing
In 2020, 75% of organizations worldwide experienced a phishing attack. Phishing was also the most common attack seen in data breaches.
In a phishing attack, email is used as a weapon. The cybercriminal pretends to be someone the intended victim would normally trust, such as a government organization or bank. The attacker then creates a fake email with a malicious attachment or link that looks like it came from the trusted organization.
The purpose is to fool the victim into taking some action that benefits the attacker. For example, they may be told to log in with their credentials and make some transactions on the provided (fake) link. The attacker steals the user’s credentials, logs into the real website while pretending to be the user, and steals the user’s money.
In Spear Phishing, the attacker targets specific individuals or organizations with well-crafted, believable and relevant messages. They often use personalized content, such as the user’s name, or refer to a recent user action (e.g. online purchase) or event (e.g. wedding) to make the message more believable.
Like phishing, spear phishing emails also include a compelling call to action, usually to trick users into providing sensitive data, e.g. their account credentials or financial information.
Whaling is a type of focused spear phishing that targets a senior or high-profile victim, such as a C-suite leader. Such individuals tend to be more cyber-aware, so “normal” phishing tactics usually don’t work on them. As a result, adversaries use more sophisticated methods and tailored fraudulent messages that are personally addressed to the victim. The attackers use urgency to compel the victim to take some action, such as opening an attachment that installs malware or triggering a wire transfer.
Keyloggers
A keylogger is a type of monitoring program or spyware. Cybercriminals install keyloggers on a victim’s device, often via a virus. The program captures every keystroke the victim makes and records their usernames, passwords, answers to security questions, banking and credit card details, sites visited, and more. Cybercriminals then use this sensitive information for malicious purposes.
Brute Force, Dictionary and Credential Stuffing Attacks
In a Brute Force attack, the cybercriminal uses a program to generate and use many possible username/password combinations, hoping that at least one will help them gain access to an enterprise system. Brute force attacks are very common and provide many benefits to cybercriminals:
Place spam ads on websites to make money when the ad is clicked or viewed
Infect a site’s visitors with activity-tracking spyware, steal their data, and sell it to marketers (or on the dark web)
Hack into user accounts to steal personal data, financial data, or money
Spread malware or hijack enterprise systems to disrupt operations
In a reverse brute-force attack, the attacker tries common passwords, e.g. “password” or “123456”, to try to brute-force a username and gain access to many accounts.
Dictionary attacks are a common type of brute force attack, where the attacker works through a dictionary of possible passwords and tries them all to gain access.
A credential stuffing attack is a type of brute force attack that also takes advantage of passwords. Many people often use the same username and/or password on multiple accounts. Attackers take advantage of this fact to perpetrate credential stuffing attacks, where they steal credentials and try to use them to access many accounts. Sometimes they may obtain credentials from one organization, either through a data breach or from the dark web, and use them to access user accounts at another organization. They hope that at least some of the same credentials will enable them to:
Sell access to compromised accounts
Steal identities
Perpetrate fraud
Steal sensitive enterprise information, e.g. business secrets, Personally Identifiable Information (PII), financial information, intellectual property, etc.
Spy on the enterprise (corporate espionage)
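From the defender's side, the attack types in this section leave different shapes in login logs: brute force and dictionary attacks produce many failures against one account, while reverse brute-force and credential stuffing produce a guess or two against many accounts. The sketch below is an added example, not part of the original article; the thresholds, the event format and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds are assumptions for this example; tune them to your own baseline.
MANY_GUESSES_PER_ACCOUNT = 5  # brute force / dictionary: one account, many passwords
MANY_ACCOUNTS = 5             # reverse brute force / stuffing: many accounts...
FEW_GUESSES_PER_ACCOUNT = 2   # ...with only a guess or two against each

# Constructed sample events: (source_ip, username, succeeded).
SAMPLE_EVENTS = (
    [("192.0.2.10", "alice", False)] * 8
    + [("198.51.100.7", f"user{i}", False) for i in range(12) if i != 3]
    + [("198.51.100.7", "user3", True)]
    + [("203.0.113.5", "bob", False), ("203.0.113.5", "bob", True)]
)

def classify_sources(events):
    """Return {source_ip: (label, accounts_to_review)} from login attempts."""
    failures = defaultdict(lambda: defaultdict(int))  # source -> user -> failed count
    successes = defaultdict(set)                      # source -> users logged in
    for source, username, succeeded in events:
        user = username.lower()
        if succeeded:
            successes[source].add(user)
        else:
            failures[source][user] += 1

    report = {}
    for source in set(failures) | set(successes):
        per_user = failures.get(source, {})
        worst = max(per_user.values(), default=0)
        if worst >= MANY_GUESSES_PER_ACCOUNT:
            label = "brute_force_or_dictionary"
        elif len(per_user) >= MANY_ACCOUNTS and worst <= FEW_GUESSES_PER_ACCOUNT:
            # Logs alone cannot tell these two apart: both are many accounts,
            # few guesses each.
            label = "reverse_brute_force_or_credential_stuffing"
        else:
            label = "normal"
        # A successful login from a flagged source is a likely account takeover.
        hits = sorted(successes[source]) if label != "normal" else []
        report[source] = (label, hits)
    return report

if __name__ == "__main__":
    for source, (label, hits) in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(source, label, hits)
```

Accounts returned in the second element are the ones to prioritize for password reset and session revocation.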
Man-in-the-Middle Attacks
In an MITM attack, the attacker eavesdrops on a user’s connection with another party. They observe or intercept communications between these parties to steal the user’s credentials or personal information, corrupt data, or hijack the session to sabotage communications.