OK, here is something really scary.

KnowBe4’s Chief Hacking Officer Kevin now and then calls me with some chilling news. This time, a white hat hacker friend of his developed a tool to bypass 2-factor authentication, and it can be weaponized for any site! My first thought when I heard about this was: “Holy cr@p!”

I asked him: “Can you show it to me?”, and Kevin just sent me a video demo; you can see it below.

This particular attack is based on proxying the user through the attacker’s system with a credentials phish that uses a typo-squatting domain. Once the user falls for this social engineering tactic and enters their credentials, their authenticated session cookie gets intercepted and it’s trivial to hack into the target’s account.
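Because the attack hinges on the user landing on a typo-squatting domain, one defensive check is to flag look-alike hosts in links before they reach the user. The sketch below is an added example, not code from KnowBe4 or from the tool in the video; `example.com`, the sample URLs and the naive last-two-labels domain split are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains where your users really sign in.
PROTECTED = {"example.com"}
# Digits commonly used to imitate letters in look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def registrable(host):
    # Assumption: last two labels form the registrable domain (no co.uk-style suffixes).
    return ".".join(host.rstrip(".").split(".")[-2:])

def skeleton(domain):
    # Collapse visual tricks so "examp1e" and "example" compare equal.
    return domain.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    # Edit distance counting insert, delete, substitute and adjacent swap as 1.
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, max_distance=2):
    # Returns (verdict, protected_domain_it_resembles_or_None).
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in PROTECTED:
        return "legitimate", domain
    for good in sorted(PROTECTED):
        if f".{good}." in f".{host}.":   # real name used as a subdomain prefix
            return "embedded-brand", good
        if osa_distance(skeleton(domain), skeleton(good)) <= max_distance:
            return "lookalike", good
    return "unrelated", None

if __name__ == "__main__":
    # Constructed sample links, as they might appear in inbound mail.
    for url in ["https://www.example.com/login", "https://examp1e.com/login",
                "https://exmaple.com/", "https://example.com.signin-portal.net/",
                "https://unrelated.org/"]:
        print(url, "->", classify(url))
```

The `max_distance` threshold trades recall for false positives: short protected names need a tighter value than long ones.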

See it for realz here (video is just 6 minutes) and shiver: 

 

What Kevin recommends at the end of this video: “Of course you need to have user education and training, that’s a no-brainer, but you also need to conduct simulated phishing attacks so you can inoculate your users against this type of risk. And more importantly, you have to Stop, Look and Think before you click that link.” 

What Percentage Of Your Users Would Click On That Link?

Organizations are moving to 2FA to improve security. However, this video proves that using 2FA does not mean you are automatically protected. The Phish-prone percentage of your users remains your number one vulnerability, as employees continue to be the weakest link in your IT security, 2FA or not.

Here is a way to get your users’ phish-prone percentage baseline at no cost

KnowBe4’s Phishing Security Test allows you to choose which environment you want to test:

[Image: KnowBe4 Free Phishing Security Test]

If you choose the O365 option, your user will be sent this Phishing Security Test (PST) email after you upload the email addresses and whitelist our domain:

[Image: O365 Phishing Security Test]

As you just saw, cyber-attacks are changing all the time. We help you step your employees through new-school security awareness training to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. No need to talk to anyone.

Find out what percentage of your employees are Phish-prone with our free Phishing Security Test (PST). If you don’t do it yourself, the bad guys will. 

Get Your Free PST Now

PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer


