Displaying items by tag: mfa

Earlier today we covered the leak of Microsoft source code by the Lapsus$ group. The group leaked a portion of the data they claim to have stolen in the form of a 37GB dump. This dump has added to the source code they have stolen and released from companies like NVIDIA and Samsung. Lapsus$ has a pattern of compromising an organization, stealing data and then demanding money to not release the information, only to release the information anyway.

Multi-Factor Authentication is often seen as an answer to account compromise, or at least a partial answer to this issue. The problem is that MFA is that while it can help with account compromise, it is certainly not the end all of account protection and, like any other software control, it is potentially vulnerable to coding mistakes and other flaws that attackers can leverage. According to a recent FBI report state-backed attackers have found a way to abuse certain default configurations to register their own devices.

Most attacks, be they real or from a penetration test, begin with an attempt to compromise a single system, or user. The compromise of a device or user account gives the attacker a small foothold in an environment that they can use to pivot to other areas and begin their complete takeover of the targeted organization. Defenders use many techniques to try to prevent this including complex passwords, complex usernames and, of course multi-factor authentication (MFA). MFA, when done properly, reduces the risk of credential compromise from phishing and spearphshing significantly.