Do you count on 2-factor authentication to secure your accounts? Recent news shows that this extra layer of security, which many users have implemented, can be vulnerable.
Kevin Mitnick, the chief hacking officer at KnowBe4, shares his expertise and his concern about the exposure of this recent vulnerability.
Like many cyberattacks, it begins with a seemingly authentic email that contains a link. The link takes the user to the actual site, where they enter the 2-factor authentication code that they receive on their cellphone. Once the code is entered, the hacker steals the user’s session cookie without the user knowing, which allows the hacker to essentially “become” the user. With this power, the hacker no longer needs the user’s username, password, or 2-factor authentication.
Mitnick uses LinkedIn to demonstrate the attack and show how powerful it can be. Representatives from LinkedIn stated that this vulnerability is something that should not be taken lightly and that they are encouraging people to report anything they believe could be spam and work toward protecting users online.
As new dangers keep arising, protecting yourself becomes ever more important. Reporting anything suspicious and being aware of the possibility of attacks like this are a strong defense. Several companies are taking it a step further to protect themselves by creating what is called a security key. This physical device contains a hardware chip and uses Bluetooth or USB to provide the extra layer of security needed to log in to accounts.
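A server-side check for the stolen-cookie step of this attack, as an added example that is not part of the original article: it flags a session cookie that shows up from a different client than the one that logged in. The log format, field names and sample lines are constructed for illustration.

```python
"""Flag session cookies replayed from a client other than the one that logged in."""

# Constructed sample log, one event per line (hypothetical format):
# timestamp event session_id user client_ip user_agent
SAMPLE_LOG = """\
2024-05-01T09:00:02Z login sess-7f3a alice 198.51.100.24 Mozilla/5.0 (Windows NT 10.0) Chrome/124.0
2024-05-01T09:00:40Z request sess-7f3a alice 198.51.100.24 Mozilla/5.0 (Windows NT 10.0) Chrome/124.0
2024-05-01T09:03:11Z request sess-7f3a alice 203.0.113.77 Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0
2024-05-01T09:05:00Z login sess-b210 bob 192.0.2.15 Mozilla/5.0 (Macintosh) Safari/17.4
2024-05-01T09:20:00Z request sess-b210 bob 192.0.2.99 Mozilla/5.0 (Macintosh) Safari/17.4
2024-05-01T09:21:00Z request sess-dead carol 203.0.113.5 curl/8.5.0
"""


def parse_line(line):
    # The user agent is the last field and may contain spaces.
    ts, event, session_id, user, ip, user_agent = line.split(" ", 5)
    return {"ts": ts, "event": event, "session": session_id,
            "user": user, "ip": ip, "ua": user_agent}


def find_session_reuse(log_text):
    """Return alerts for sessions used outside the context they were issued in."""
    issued = {}  # session id -> (ip, user agent) recorded at login
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["event"] == "login":
            issued[ev["session"]] = (ev["ip"], ev["ua"])
            continue
        origin = issued.get(ev["session"])
        if origin is None:
            reason = "no-login-seen"         # cookie presented with no login on record
        elif ev["ua"] != origin[1] and ev["ip"] != origin[0]:
            reason = "ip-and-agent-changed"  # strong signal: a different machine
        elif ev["ua"] != origin[1]:
            reason = "agent-changed"
        elif ev["ip"] != origin[0]:
            reason = "ip-changed"            # weak on its own: mobile users roam
        else:
            continue
        alerts.append((ev["ts"], ev["session"], ev["user"], reason))
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_LOG):
        print(*alert)
```

An alert with reason `ip-and-agent-changed` is the case to act on first, for example by invalidating the session and requiring a fresh login.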
Don’t let yourself fall victim to this attack. Stay informed, aware and cautious.