Two-factor authentication, or 2FA, has been sold to internet users as one of the most important and reliable tools to protect your digital life. You probably know how it works: By providing you with an account not just your password but also other information (usually on your mobile phone or device of your choice), companies can verify that everyone who logs in to your account is you and not someone who just wants to log into your account. managed to share your information.
However, according to a new study, it says that goons have unfortunately found a number of ways to increase your 2FA protection — and they are using more of these methods.
The learning, reported by researchers at Stony Brook University and cybersecurity company Palo Alto Networks, highlighted the recent discovery of fraudulent weapons used to hide past security. Zida Zazida and malicious programs designed to aid in cyberattacks. They are made by criminals and are often sold and distributed on dark circles, while the non-digital ally can be purchased and used. A study by Stony Brook, originally mentioned by History, shows that these malicious programs are being used to fraudulently steal 2FA login data from users of major web sites. Explosives are also being used, and researchers have identified at least 1,200 different devices floating in the digital world.
Of course, the cyberattacks that can defeat 2FA are not new, but the distribution of these malicious programs shows that they are becoming more complex and widely used.
These tools defeat 2FA by stealing something more valuable than your password: your official 2FA cookies, which are files stored on your browser while the verification process is in progress.
G / O Media can find a job
20% Off
Select Nuraphone Styles
Get award-winning personalized sound
Grab the Nuratrue Earbuds, Nuraphone headphones, or the NuraLoop earbuds at a generous discount.
According to the study, said cookies can be stolen one of two ways: A hacker can infect a victim’s computer with data-stealing malware, or, they can steal the cookies in-transit—along with your password—before they ever reach the site that is trying to authenticate you. This is done by phishing the victim and capturing their web traffic through a Person -in the middle a style attack that directs the traffic to a fraudulent page and its affiliates switch proxy server. In this way, the attacker can get in the middle of you with the page you are trying to get in – thus taking everything that goes between you both.
After a thief steals your car and steals cookies, he can enjoy your account as long as the cookie continues. In some cases – such as social networking accounts – this can be long-term, Record Records.
Everything is complicated, because in recent years, 2FA has existed very visual as a useful way to prove your identity and account security. Then again, recent research has shown that more people do not suffer at all by setting up 2FA initially, which, if true, means that we probably have some big fried fish in the internet security department.
Source link
