April 3, 2019 | Written by: Michelle Reinhold
Using Multi-Factor Authentication to Prevent New Threat
Proactively Protect Your Identity
Privacy is paramount for both our personal and business lives. We rely on passwords to maintain that privacy on the devices and accounts we use every day. If we are doing our due diligence, these passwords will be strong; using a complex variety or letters, capitalization, numbers, special characters or through the use of phrases. We also should not be using the same password for all of our devices or accounts because if one of them is compromised, it no longer matters how complex it was. Sometimes though, all of our careful planning may not be enough and a breach can occur anyway, so it’s important to be proactive in ways to defend ourselves.
Cyber attacks come in many forms and the end game is often to obtain your passwords and personal information. With your password in hand, they may have access to one or more of your accounts to obtain your personal details. Brute force attacks used to be pretty common but more recently password spraying attacks are being used. A brute force attack is a hacking method where the attacker will attempt to unlock an account by attempting a series of password tries in rapid succession. Password spraying approaches many accounts at once but at a slower pace to avoid locking out the account or alerting the user.
Proofpoint recently published information on how attackers are using the password spraying tactics to gain access to companies’ cloud-based accounts. Essentially, a hacker using password spraying will attempt a login across many email addresses at once with information gained from a collection of millions of unique emails and passwords. If none are successful, they may try a new password for the same group of emails or try a different series of accounts. Once the correct password is matched, the user may receive a notification if the account has multi-factor authentication, but this also lets the hacker know they found a match.
So, if all of this is happening without us knowing, how can we defend against it? For this, we have a solution- Cisco’s Duo Security, Inc. (Duo), an identity management service provider. With Duo, a Duo access gateway (DAG) can be setup. With a DAG established, a user is redirected to a DAG login screen upon attempting to sign into an associated device or account. When appropriate credentials are entered, a push notification is sent to their mobile device for verification via text message or automated phone call. Once the push is confirmed, the user is granted access to the device or account they are logging into. This may sound like a complicated process but its not any more intensive than any other login. The only way a hacker would have access to your system, with this multi-factor authentication (MFA) approach, would be if they also have the mobile device you use for push notifications.
This method of MFA can be applied across a multitude of applications such as computer logins, VPN access, and a wide range of programs. A Duo Administrator can set up Duo to use the same MFA across multiple platforms, making the verification process simple for users by not having to sign in with multiple different MFA systems. The cost to use Duo is not based per app but rather by the number of users who will be given access, so you can setup MFA for as many services as you like once you have users assigned.
In the Proofpoint article we learn that many of the password spraying attacks are targeting Office 365 accounts. Password spraying abuses legacy mail protocols, POP3 and IMAP, to bypass Microsoft’s MFA, leaving accounts that still use these protocols vulnerable. You should contact your Office 365 administrator or BIG representative to have these protocols disabled/reviewed in addition to exploring a DAG setup to continue protecting Office 365 and your other programs.
Protecting your workers, yourself and your business should always be a top priority. Smart and safe password practices are a great start, but taking a proactive approach with MFA will help prevent password breaches and will ensure your privacy and security.