News & Press Releases

New Vulnerabilities Discovered in Multi-Factor Authentication

New Vulnerabilities Discovered in Multi-Factor Authentication

ProWriters was provided the information below by CFC. Take the steps below immediately to limit your exposure.

ATTENTION: Please forward the following advisory onto your cyber policyholders

CFC has become aware of a significant new security vulnerability that can be easily exploited to bypass multi-factor authentication (MFA). MFA is commonly used to protect against phishing attacks and compromised passwords, which are two of the most common root causes of cyber claims seen by our incident response team. Even worse, we’ve become aware of tools available on the dark web that exploit this vulnerability and expect substantial use of the tool to compromise previously protected environments.

How it works

A new penetration testing tool has been published by a security researcher that automates phishing attacks against multi-factor authentication protected websites. This tool, dubbed Modlishka, sits between a user and a target website such as Outlook 365 or Gmail.

The victim receives authentic content from the legitimate site but all traffic and all the victim’s interactions with the legitimate site pass through and are recorded on the Modlishka server. Any passwords a user may enter are automatically logged on this server, while the reverse proxy also prompts users for 2FA tokens when users have configured their accounts to request one.

If attackers are on hand to collect these tokens in real-time, they can use them to log into victims’ accounts and establish new and legitimate sessions. We have seen a similar method used to intercept other web services such as Citrix Web Access.

You can find more information here.

Steps to take

  1. Disable web access to email or remote desktop environments where possible
  2. Use hardware tokens as a means of multi-factor authentication (FIDO 2.0 and U2F)
  3. Implement phishing awareness and education:
    • Do not click on links in emails, and instead type the address in your browser
    • Avoid suspicious email attachments or links, and if necessary, verify the sender
    • Never hand over your credentials such as passwords or sensitive information such as bank account numbers
    • Check that the website address looks right and is spelled correctly
  4. Use DMARC in order to protect against spoofing of email domains

About us

ProWriters offers exceptional services in risk management, wholesale brokerage and underwriting, specializing in small and mid-sized businesses. From the day it opened its doors, ProWriters’ mission had been to serve agents and brokers by offering multiple options, backed by expertise while simplifying the process and specialty coverages. For more information or to speak with a cyber liability expert, contact us today.