With all eyes on the COVID-19 response and recovery, advanced persistent threat (APT) groups are exploiting the pandemic as a means to initiate phishing, social engineering schemes, and brute force cyberattacks.
In one week, Google reported seeing more than 18 million daily malware and phishing emails related to COVID-19 scams. In May, the United States Department of Homeland Security issued a joint alert advising of an increase in password spraying attacks targeting healthcare and other essential services.
Password spraying is a popular tactic for gaining unauthorized access to networks, applications, and systems. It’s a type of brute force attack that hits a massive number of account logins with a list of commonly used passwords. If that password doesn’t work, the accounts are hit with another common password, and so on.
Eventually, the attacker gets into a system, then moves laterally throughout the network until they find an account with elevated permissions so they can move closer to more sensitive and mission-critical data. This tactic makes Active Directory a frequent target because it allows attackers to quickly locate accounts with privileged access.
Good password protocols, such as proactively addressing weak domain passwords and creating password blacklists, are an important security practice, but implementing mandatory multi-factor authentication (MFA) is a far more effective strategy.
MFA is a quick, easy, and cheap way to beef up enterprise security while providing an excellent first line of defense against password spraying and other identity-based attacks. It protects against unauthorized access because even if the hacker knows the username and password for an account, requiring those additional factors blocks their entry.
A basic MFA setup can be deployed in as little as two weeks and at a minimal cost compared with more elaborate security measures.
Types of Authentication Factors
When we talk about MFA, we are normally referring to three types of authentication factors:
- Knowledge: Things you know such as a password or PIN
- Possession:, Things you have such as a badge or a smartphone
- Inheritance: Things you are, which are indicated through biometrics such as fingerprints or voice recognition
Some of the newer MFA technology also incorporates adaptive authentication that takes into consideration context and behavior when authenticating a user. Adaptive authentication looks at where and when you are trying to obtain access to a resource, what device you are using, and what kind of network you are trying to access.
When a user exhibits atypical behavior, such as trying to access an application from a new location or an unknown device, the user will be required to provide additional authentication factors before they can proceed. This is the best user experience because they are prompted for verification when necessary, not every time they attempt to login.
The MFA-PAM Connection
For mission- and business-critical applications and systems, MFA alone may not be enough protection. Privileged access management (PAM) tools let you secure, control, manage, and monitor admin or temporary user access to critical assets. Integrating MFA in front of PAM ensures that users are exactly who they say they are when logging in.
PAM solutions provide a subset of credentials that give authorized users elevated access and permissions to the accounts, applications, and systems they need to do their jobs or complete a project. However, the admin or temporary user never sees those credentials. If a user doesn’t know the privileged credentials, there is less of a chance those credentials will be used for malicious activities or unauthorized access.
Future-Proof Enterprise Security with MFA
Cybercrime is on the rise and there is no sign that we can expect that to change. Not only are attacks becoming more frequent, more destructive, and more expensive to recover from, but attackers are also becoming savvier with their tactics. Organizations must constantly adapt their security strategy to combat new and evolving threats, and that includes your MFA solution.
MFA needs to grow with the market and adapt to the new types of attacks as they emerge. Remember when MFA meant getting a call or text with a one-time-use code? Then hackers started man-in-the-middle attacks and number spoofing, and MFA had to change authentication methodologies.
One of the best ways to ensure your organization’s security needs are met in today’s uncertain business security environment is to work with an identity and access management professional who will take the time to understand your business systems and applications. A knowledgeable IAM professional will recommend a variety of technologies, including MFA, to keep your systems secure from known and unknown threats and aligned with current and future trends in the market.
Multi-factor authentication technology isn’t unhackable, but it does create an excellent first line of defense against password spraying and other brute force and phishing efforts. MFA is easy and comparatively inexpensive to implement, so there is no real downside to adding it to your security strategy. Think of MFA like having a dog at home. Technically, yes, someone could break into your house and steal your stuff, but the Bad Guys are more likely to burglarize a house that doesn’t have a dog because it’s just easier.