Description: This report discusses the three main tactics attackers use to bypass Multi-Factor Authentication (MFA): social engineering and phishing, malware, and exploiting the ‘approve sign-in’ method of MFA. Despite the security measures in place, companies such as taxi broker Uber, games company EA, and authentication business Okta have fallen victim to these tactics.
Context: Because MFA is now widely deployed across organizations, cyber attackers are increasing their efforts to exploit the failure points in systems it protects. Many corporate and home users believe MFA is virtually unbreakable, and that overconfidence can make those users the weakest link in a company’s defenses.
Importance: MFA is considered one of the best security measures deployed by organizations. Despite this, attackers have found ways around it. It is crucial for organizations to continuously upgrade and improve their systems to counter these threats, particularly by moving away from SMS-style authentication.
Key Points: Attackers bypass MFA by exploiting the ‘approve sign-in’ method, by using phishing emails to trick users into entering their one-time passcodes into a fake website, by obtaining a copy of the target’s SIM card, and by using malware to steal session cookies from targets. The ultimate solution to these threats involves robust policy enforcement, endpoint protection, and user education.
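As an added illustration of how a security team can spot abuse of the ‘approve sign-in’ method (repeated prompts until a worn-down user taps approve), here is a small detector over constructed authentication log events. It is example code written for this report, not tooling from any of the companies named; the event names (push_sent, push_denied, push_timeout, push_approved) and the sample log lines are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, event); not real log data.
# "alice" receives a burst of prompts, rejects or ignores three, then approves.
SAMPLE_EVENTS = [
    ("2024-01-10T08:00:05", "alice", "push_sent"),
    ("2024-01-10T08:00:20", "alice", "push_denied"),
    ("2024-01-10T08:00:35", "alice", "push_sent"),
    ("2024-01-10T08:00:50", "alice", "push_timeout"),
    ("2024-01-10T08:01:05", "alice", "push_sent"),
    ("2024-01-10T08:01:20", "alice", "push_timeout"),
    ("2024-01-10T08:01:35", "alice", "push_sent"),
    ("2024-01-10T08:01:55", "alice", "push_approved"),
    ("2024-01-10T09:15:00", "bob", "push_sent"),
    ("2024-01-10T09:15:10", "bob", "push_approved"),
]


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Return {user: finding} for users with at least `threshold` denied or
    timed-out push prompts inside `window`. The finding also records whether
    an approval followed the burst, which is the outcome an attacker wants
    and the case a responder should treat as a likely compromised session."""
    per_user = defaultdict(list)
    for ts, user, event in events:
        per_user[user].append((datetime.fromisoformat(ts), event))

    findings = {}
    for user, evs in per_user.items():
        evs.sort()
        rejected = [t for t, e in evs if e in ("push_denied", "push_timeout")]
        # Sliding window over the rejected prompts, oldest first.
        for i in range(len(rejected)):
            j = i
            while j < len(rejected) and rejected[j] - rejected[i] <= window:
                j += 1
            if j - i >= threshold:
                burst_end = rejected[j - 1]
                approved_after = any(
                    e == "push_approved" and burst_end <= t <= burst_end + window
                    for t, e in evs
                )
                findings[user] = {
                    "rejected_prompts": j - i,
                    "approved_after_fatigue": approved_after,
                }
                break
    return findings
```

A finding with approved_after_fatigue set is the signal to revoke the session and contact the user; a burst without a later approval still merits a check for leaked credentials, since the attacker already had the password to trigger the prompts.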
Urgency: The threat is immediate as attackers are increasingly finding ways to bypass MFA. Immediate steps must be taken to enhance security measures and educate users on potential threats.
Recommended Actions: CISOs should upgrade from SMS-style authentication, enforce strong policies, implement robust endpoint protection, and educate users about the threats and how to avoid them. Companies should also consider alternative types of authentication.
Distribution: This report should be distributed to all CISOs, IT security teams, and general users within an organization.