Hackers can now launch automated phishing cyberattacks that can bypass two-factor authentication
The infinite dependence on passwords is one of the reasons cybersecurity researchers are looking for new methods to ensure cybersecurity. Multi-factor authentication or two-factor authentication is one of those security features that put up a strong additional layer of security to our personal data. Although it is not perfect, it makes it harder for hackers to access sensitive information.
However, recently it was discovered that it is possible to bypass two-factor authentication with a phishing attack.
What is two-factor authentication (TFA)?
The idea behind two-factor authentication is that it uses unique security tokens that only the user who is trying to access a particular account is supposed to have. Also, those tokens are usually one-time passwords that expire fast, and it is impossible to intercept them; or not anymore…
The new two-factor authentication vulnerability
You may ask how to bypass two-factor authentication? For a phishing cyberattack to be successful, the usual phishing websites need to function as proxies. Meaning that they have to work as a connection between the victim and the original website that issues the two-factor authentication code.
For a long time there was no technology that would have helped hackers to do this; because the reverse-proxy feature doesn’t work on websites that use Subresource Integrity (SRI) and Content Security Policy (CSP), which essentially block proxies.
But now times have changed, hackers developed new tools to help them do it.
Tools Muraena & NecroBrowser
NecroBrowser is a tool that can be used in post-phishing automation. It is a microservice that allows one to specify a target portal. In other words, it helps to hijack the legitimate authentication session, and when the attackers feed sessions that are harvested during phishing campaigns, the service is supposed to perform actions on the victim’s behalf.
Muraena, on the other hand, is a reverse proxy that is written in the Go programming language. This proxy is supposed to automate phishing attacks and other post-phishing activities. This tool allows hackers to obtain legitimate certificates for their domains, thus making it harder to notice a phishing website. Also, the proxy works as a crawler that checks all the resources and automatically decides which one it can proxy.
Both Muraena and NecroBrowser turn the browser into a zombie, and the actions performed can be totally automated.
How to protect yourself?
Cybersecurity specialists are saying that there is no one permanent solution to this issue. Muraena and NecroBrowser were created to point out the two-factor authentication vulnerabilities.
Although two-factor authentication is definitely a step forward, you should use it together with other methods that improve your cybersecurity. When it comes to passwords, you might want to employ a password manager that would store and generate your passwords. Some also suggest using USB hardware tokens for two-factor authentication instead of one-time passwords, but the USB solution also isn’t bulletproof because the hackers can simply program their tools to refuse the USB token authentication.