One-time passwords under attack: underground services that break multi-factor authentication emerge (Security these days, page 1/2)

By: ilikephone / On: 19/09/2022

Multi-factor authentication has become an indispensable measure for preventing unauthorized access to accounts on the Internet. Even if an ID and password are stolen, the account is expected to remain protected as long as a one-time password is also required. However, attacks that try to break through this protection are increasing.

At Coinbase, a major cryptocurrency exchange, about 6000 customers had their cryptocurrencies stolen after their SMS-based multi-factor authentication was broken.

According to BleepingComputer, it was discovered that from March to May 2021, someone broke into Coinbase customer accounts and stole cryptocurrencies. The attackers are believed to have first obtained the email addresses, passwords, and phone numbers that customers had registered with their Coinbase accounts, using methods such as phishing.

BleepingComputer article

With multi-factor authentication enabled, unauthorized access to an account should have been blocked. However, it turned out that there was a vulnerability in Coinbase's SMS-based account recovery process. Attackers exploited this issue to obtain SMS two-factor authentication tokens and steal customers' cryptocurrencies.

The techniques used to break multi-factor authentication are not limited to exploiting vulnerabilities. According to security firm Intel 471, an underground cybercriminal gang is rolling out a service that claims to be able to intercept a victim's one-time passwords on behalf of fraudsters.

Intel 471 article

For example, a bot can trick a victim into entering a verification code such as a one-time password by pretending to be a legitimate phone call from a bank; the bot, acting on behalf of the fraud group, then intercepts the authentication code the victim entered. Not only banks but also payment services such as PayPal, Apple Pay, and Google Pay can be targeted, as well as accounts on major social networks such as Facebook, Instagram, and Snapchat.

The services discovered by Intel 471 have been in operation since June 2021, and both were operated through bots on the messaging app "Telegram". A dedicated Telegram channel reportedly contained conversations about stealing thousands of dollars from victims' accounts.


Copyright © ITmedia, Inc. All Rights Reserved.
