Phishing is one of the greatest contributors to healthcare data breaches, and these attacks are on the rise. As tactics become increasingly sophisticated, it’s crucial to take proactive steps to protect your organization and prevent cybercriminals from gaining access to sensitive information. Recently, reports have surfaced about a new phishing 2FA bypass attacks (two-factor authentication).
A cybercrime group called Sneaky Log sells a phishing-as-a-service kit called Sneaky 2FA. According to a new report, this kit uses built-in intelligence that allows it to evade detection from both bots and other types of security, such as scanning tools. This unique ability may make it a more powerful tool than other kits. Other common 2FA bypass attacks, such as FlowerStorm, also target Microsoft users.
How to Protect Against 2FA Bypass Attacks
As is the case in all areas of information security, no single action can completely prevent attacks aimed at bypassing 2FA or eliminate the associated risks. What can be done, however, is a coordination and integration of multiple controls. And in this case, combining both the administrative and the technical controls would be most effective. Consider implementing the ten controls below when defending against 2FA bypass attacks.
1. Implement Privileged Access Management (PAM) to Protect Privileged Accounts
Privileged Access Management (PAM) can be executed to protect privileged accounts using several methods, including:
- Centralizing privilege management to provide enhanced control and efficiency over how these credentials are managed and accessed.
- Enforcing least-privileged access for users and systems.
- Implementing or enhancing session management and monitoring for privileged accounts to provide visibility and accountability.
- Ensuring thorough logging and alerting of all privileged account access; some accounts may need alerts for both failed and successful logins.
- Mandating regular training for all privileged account users.
2. Educate Users Against Social Engineering
It’s important to educate users through regular training, using real-world scenarios, while also keeping it engaging and interactive. Work with your teams on the best approaches to educate against social engineering. A friendly tip: incentives may sound like a good idea, but in a phishing campaign, they could quickly deplete the incentive program and not serve as an effective educational or training tool.
3. Implement Advanced Anti-Phishing Tools
First, check the tools you’re using. Are they the right fit for the job of securing yourself from 2fa bypass attacks? If not, switch up your tools to help provide better coverage. If the tools you’re using are the right fit, check to see if these tools need any tuning. Threats are constantly evolving, so it’s important that your security tools do, too. Few tools in the information security space remain static, so be sure to regularly check your tools to ensure they’re up to date. Prevent domain spoofing by enabling domain-based email authentication protocols like:
- SPF (Sender Policy Framework)
- DKIM (DomainKeys Identified Mail)
- DMARC (Domain-based Message Authentication, Reporting & Conformance)
4. Monitor and Restrict Access
You can enable real-time monitoring of 2FA-related anomalies to proactively detect and respond to any potential attacks. Additionally, use IP listings to allow or deny access based on trusted regions or devices. For those who travel for work, implement policies that require them to notify security operations before traveling to designated regions. Lastly, enforce session expirations after a certain time frame to limit exposure.
5. Deploy Risk-Based, Adaptive Authentication
Require additional verification or restrict access in response to anomalies in login behavior, changes in device fingerprints, and suspicious IP addresses.
6. Enforce Device Security
Enforce device security by ensuring all end-user devices are updated with the latest patches. Also, ensure all endpoint defenses are current and enforce strong password controls for end-user devices. Utilizing a password management tool can help users maintain good password hygiene.
7. Educate Users and Support Staff About Recovery Option Processes
It’s important for users to understand the recovery process. If the user of a privileged account needs to regain access, additional identity verification may be required. Therefore, educating users on how to strengthen the identity verification process can benefit the security of the account and the overall system.
8. Enable Account Lockouts and Alerts
Implement strict lockout policies after a defined number of failed login attempts and train users on best practices to prevent account lockouts. Be sure to report login attempts from unrecognized IP addresses or regions.
9. Require Mutual Transport Layer Security (mTLS)
If users are directed to a webpage at any part of the authentication or reset process, require mTLS to prevent spoofing of that site.
10. Regularly Test and Train on 2FA Bypass Prevention Controls
Implement training to raise awareness of all policies and practices, and offer advanced training for support staff, privileged users, executive staff, and individuals who may be at a higher risk of being targeted by 2FA bypass attacks. Utilize tabletop exercises or simulations to evaluate the effectiveness of all 2FA bypass controls.
Protect Your Healthcare Organization with Fortified
Phishing attacks remain one of the leading causes of healthcare data breaches. As these attacks become more advanced, phishing attacks that bypass two-factor authentication will take advantage of human errors, weak protocols, or inadequate security practices. To minimize the risk of attacks, it’s important to implement robust, phishing-resistant technologies, educate users on security best practices, and enforce secure policies for all users.
If you’re concerned about the increase in phishing attacks affecting your organization, Fortified Health Security can help. Our Managed Phishing Service, designed with a unique and tailored approach, is just one of the many services we offer to help protect your organization against healthcare data breaches.
