Researchers see real-time phishing jump. Real-time phishing attacks that cheat two-factor authentication are on the rise around the globe as phishers adapt to the latest barriers put in their way, according to a team of researchers. Researchers at Trusteer November 9 said 30 percent of all attacks during the past two-and-a-half months against Web sites using two-factor authentication have been real-time, man-in-the-middle (MITM) methods that allow attackers to bypass this stronger authentication.
The data comes from a sampling of thousands of phishing attacks. Phishing attacks typically are static, so they are mostly rendered powerless when a bank uses two-factor authentication, such as one-time passwords. That is because the attacker may be able to capture the first level of credentials, but they are not able to easily capture and use OTPs, which quickly expire. So phishers are adapting their attacks to find ways around stronger authentication, and security experts said it was only a matter of time until they routinely started cheating banks and other transactional sites’ two-factor authentication.
This type of real-time MITM attack has been isolated and rare thus far, experts saod. Trusteer researchers have spotted these attacks in South Africa, Europe, and now in the United States, the firm’s CEO said. And while these attacks are not a new concept, this is the first time his team has seen them in such high numbers, he said.
Source: http://www.darkreading.com/authentication/security/attacks/showArticle.jhtml?articleI D=228200550
No comments:
Post a Comment