Study shows hackers skip 2-step verification


Image of the article entitled Study Shows How Hackers Skip 2-Step Verification

Photo: Daniel Mihailescu / AFP (Getty Images)

Two-factor authentication or two-step verification Sold to web users As one of the Tools more important and reliable To protect your digital life. Maybe already you know How it works: Guarantee Account not only with Password, but also with a factor secondary (Usually an automatic code is sent via text message to a file phone or device of your choice), companies can verify anyone who initiates session in your The mind is really you and not someone I managed to get it Your personal information.

but nevertheless, New search appears hackers Unfortunately they have found a number of effective ways to circumvent double protection factorAnd they are using these methods more and more.

the study, conducted by academic researchers at Stony Brook University and cybersecurity firm Palo Alto Networks, shows the recent discovery of phishing toolkits being used for circumvention. Authentication protection. Toolkits They are malware designed to aid in cyber attacks. They are designed by criminals and are usually sold and distributed on dark web forums., where any user You can buy it and use it. Stony Brook study based on it Originally mentioned register, explains that this malware is used to impersonate and steal login credentials from double factor From users of the main sites who am IInternet. It is being used more and more, s The researchers found No less than 1,200 different tool combinations are milled around In the digital underworld.

Of course, cyberattacks can break Two-factor documentation They are not newBut the distribution of this malware shows that it has become more sophisticated and more widely used.

Toolkits override a file Two-factor documentation theft Maybe something more valuable than youu Password: tus Two-factor cookies for authentication, which are files that are saved in a file The web browser when the authentication process is performed.

Según el estudio, dichas cookies se pueden robar de dos maneras: un hacker puede infectar el ordenador de una víctima con malware que roba los datos o puede robar las cookies en tránsito, junto con tu contraseña, antes de que lleguen al sitio que está intentando autenticarte. Esto se hace mediante phishing y la captura de tu tráfico web a través de un ataque de estilo man – in the middle which redirects traffic to a phishing site and reverse proxy server linked. This way, an attacker can come between you And the website you are browsing Attempting to log in, thus capturing all the information that passes between the two.

after the hacker silently kidnapping tu traffic and confiscate these cookies, you can enjoy access tou counts for the duration of the cookie. In some cases, such as social media accounts, this may take a long time, log notes.

It’s a little annoying, because in recent years, a file Two-factor documentation It was widely seen An effective means of identity verification and account security. On the other hand, recent studies have also shown that many people So they don’t bother themselves When you turn on two-step verification First of all, if this is true, it means that we are likely to have even bigger problems In section Web security.

Leave a Reply

Your email address will not be published. Required fields are marked *