Two-step authentication (2FA) is one of the most important and secure tools for protecting users’ digital lives. You are probably familiar with how this mechanism works. In addition to the account password, companies require a second piece of information, such as a one-time code sent to your mobile number, to log in to the account. This way, the company in question makes sure that you are the person who wants to sign in to your account. In this case, even if someone else has hacked your username and password, they will not be able to log in to your account because they do not have access to the one-time code sent to your mobile number.
Although the two-step authentication mechanism is a secure method, new research shows that hackers have unfortunately found effective ways to circumvent it, and the use of these methods is increasing, according to Gizmodo.
Research by Stony Brook University and cybersecurity company Palo Alto Networks shows that phishing toolkits are being used to sneak past authentication. Toolkits are malicious software programs designed to assist cyber attacks. These tools are usually developed and distributed by cybercriminals, who sell them on dark web forums where people can buy malicious digital content like these tools.
The Stony Brook study, first reported by The Record, suggests that these malicious programs are used to phish and steal 2FA login information from users of large websites. The tools are growing rapidly, and researchers have identified at least 1,200 different tools on the dark web designed to get past two-step authentication.
Of course, cyber attacks that can bypass 2FA are not new, but the distribution of malicious tools to circumvent two-step authentication shows that these tools are more complex and more widely used.
According to Stony Brook’s study, the cookies used to bypass 2FA are stolen in two ways: (1) a hacker can infect the victim’s computer with information-stealing malware; (2) a hacker can steal the cookies along with your password in transit, before they reach the site where you want to authenticate. The second is done by phishing the victim and capturing his or her web traffic through a Man-in-the-Middle attack that directs the traffic to a phishing website and its associated reverse proxy server. This way, the attacker is positioned between you and the website you intend to visit, so all information transmitted between you and the destination website is available to the attacker.
Once a hacker has quietly gained access to your traffic, and consequently to your browser cookies, he can log in to your account and exploit it. The Record notes that in some cases, such as social media accounts, this period of access may be very long.
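One way a site operator could spot a stolen session cookie being reused, as an added example that is not from the study or the original article: it scans a constructed access log and flags any session ID that appears from a different IP address or browser than the one it was first seen with. The log layout, field names, severity labels and sample values are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: timestamp, session ID, client IP, user agent.
# This layout and every value in it are assumptions for the example.
SAMPLE_LOG = """\
2022-01-03T09:00:01Z sess-a1 198.51.100.7 Firefox/95
2022-01-03T09:02:10Z sess-a1 198.51.100.7 Firefox/95
2022-01-03T09:05:44Z sess-b2 203.0.113.20 Chrome/96
2022-01-03T09:06:30Z sess-a1 192.0.2.55 Chrome/96
2022-01-03T09:07:02Z sess-b2 203.0.113.21 Chrome/96
2022-01-03T09:09:15Z sess-a1 198.51.100.7 Firefox/95
2022-01-03T09:10:00Z sess-c3 198.51.100.99 Safari/15
"""


def find_replayed_sessions(log_text):
    """Return {session_id: [alert, ...]} for requests whose client context
    differs from the context the session was first seen with."""
    first_seen = {}              # session_id -> (ip, user_agent) at first sighting
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        # maxsplit=3 keeps a user agent that contains spaces in one field
        ts, sid, ip, ua = line.split(maxsplit=3)
        origin_ip, origin_ua = first_seen.setdefault(sid, (ip, ua))
        ip_changed = ip != origin_ip
        ua_changed = ua != origin_ua
        if ip_changed and ua_changed:
            severity = "high"    # new network and new browser on one cookie
        elif ip_changed or ua_changed:
            severity = "low"     # could be roaming or a browser update
        else:
            continue
        alerts[sid].append(
            {"time": ts, "ip": ip, "user_agent": ua, "severity": severity}
        )
    return dict(alerts)


if __name__ == "__main__":
    for sid, hits in find_replayed_sessions(SAMPLE_LOG).items():
        for hit in hits:
            print(sid, hit)
```

When the login itself went through a phishing reverse proxy, the first-seen address may be the proxy's rather than the victim's, so the useful signal is the change of context on one cookie, not which side appeared first.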
Bypassing two-step authentication will not be easy even with the tools mentioned, and this method is still used as an effective way to authenticate and increase account security. Unfortunately, recent studies show that many people do not even bother to activate and use two-step authentication methods, and as a result, become more attractive prey for hackers.