In our first part, we discussed what two-factor authentication is as well as how it works to keep you secure when online. In this second part of the article, the Adaware Malware Lab Team will dig a little deeper into 2FA, including looking at some of the latest scamming techniques that hackers are now using to attempt to bypass two-factor authentication.
Two-factor authentication works on the logical premise that if a hacker gains access to a first factor (your password), then they will be stuck on the second factor. For the most part, this is true, and this is what makes 2FA such a deterrent against hackers. However, new hacking techniques have recently been brought to the attention of security experts that show a potential chink in the armor of 2FA.
Enter Muraena and NecroBrowser
At the recent “Hack in the Box” conference that took place between the 6th and 10th of May in Amsterdam, attendees were blown away to see demonstrations of new hacking tools called Muraena and NecroBrowser. This new hacking solution consists of two components, which work in tandem to automate the attacks: a transparent reverse proxy called Muraena and a Docker container for automating headless Chromium instances called NecroBrowser.
Here is how Muraena and NecroBrowser work:
In a standard phishing attack, the victim will unwittingly enter their information on a fake login page which is located on a hacker-controlled server. Two-factor authentication can thwart this type of attack with ease because at no time is there any interaction with the real website to trigger the generation of the one-time-use codes. In order to bypass two-factor authentication, hackers need to know not only the password but also another factor.
To outfox two-factor authentication, hackers need their website to function as an intermediary between the user and the legitimate site. In other words, the hacker’s proxy site needs to be capable, in real time, of forwarding requests from the user to the intended website and of relaying the legitimate website’s responses back to the user. Once the victim has authenticated through Muraena and the session cookie has been issued, the cookie is passed along to NecroBrowser, which can create windows to keep track of the private accounts of tens of thousands of victims.
The end result is that the hacker gains access not only to user names and passwords but also to session cookies. The session cookies can then be loaded into a browser before they expire in order to access the user’s data.
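One way a site operator can spot a session cookie being reused in a second browser, as described above. This is an added example, not code from Adaware or from the tools discussed; the log format, field names and sample lines are constructed, and it assumes the replaying browser presents a different IP address or User-Agent than the client that first used the session.

```python
from collections import namedtuple
from datetime import datetime

Hit = namedtuple("Hit", "ts session ip ua")

# Constructed sample log (not from the page):
# time | session id (log a hash of the cookie, never the cookie) | client IP | User-Agent
SAMPLE_LOG = """\
2024-01-15T09:00:01|sess-a1|198.51.100.7|Mozilla/5.0 (Windows NT 10.0) Firefox/66.0
2024-01-15T09:00:40|sess-a1|198.51.100.7|Mozilla/5.0 (Windows NT 10.0) Firefox/66.0
2024-01-15T09:01:05|sess-a1|203.0.113.50|Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/74.0
2024-01-15T09:02:00|sess-b2|192.0.2.10|Mozilla/5.0 (iPhone) Safari/604.1
2024-01-15T09:30:00|sess-b2|192.0.2.99|Mozilla/5.0 (iPhone) Safari/604.1
malformed line without separators
"""

def parse(log_text):
    """Yield Hit records, skipping lines that are not four valid fields."""
    for line in log_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield Hit(ts, parts[1], parts[2], parts[3])

def find_replayed_sessions(hits):
    """Compare every request with the client that first used the session.

    Returns {session: severity}. A changed User-Agent is "high" (the cookie
    has moved to another browser); an IP-only change is "low" because
    mobile clients legitimately roam between networks.
    """
    baseline, alerts = {}, {}
    for hit in sorted(hits, key=lambda h: h.ts):
        first = baseline.setdefault(hit.session, hit)
        if hit.ua != first.ua:
            alerts[hit.session] = "high"
        elif hit.ip != first.ip and alerts.get(hit.session) != "high":
            alerts[hit.session] = "low"
    return alerts

if __name__ == "__main__":
    for session, severity in find_replayed_sessions(parse(SAMPLE_LOG)).items():
        print(f"{session}: {severity}")
```

A "high" result is a reason to invalidate the session and require the user to log in again; a "low" result is better treated as a signal to combine with others than as an alert on its own.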
Does two-factor seem like a lot of trouble?
Two-factor authentication does not take a lot of extra time to set up or use, but it does require an extra step when logging into your accounts. According to the security experts at the Adaware Malware Labs, 2FA does not necessarily need to be used for every application, but it is highly recommended for apps and sites that require that extra bit of security, such as banking and schools.
Will 2FA make my accounts more secure?
With how fast technology is changing, it is nearly impossible for a security product to offer perfect, foolproof protection 100% of the time. Having said that, by combining two of the three types of authentication factors, two-factor authentication makes it extremely difficult to hack into your account.
Despite the potential for a hack of this type to happen, 2FA is still considered a security best practice today, far better than the alternative of relying on only a username and secure password. You not only make your data more difficult to attack maliciously, but you also make your data a less attractive target.
We love to hear from all of our readers. If you have any questions regarding your online security, do not hesitate to let us know.