Detexian

Simplifying SaaS security

2020/07/09

What does enabling MFA prevent?

A simple control that, by Microsoft's own count, blocks more than 99.9 percent of account compromise attacks. Find out how to keep it turned on at all times.

In July of 2019, IBM released the annual “Cost of a data breach” report by the Ponemon Institute. The 2019 edition highlights the rising costs of a data breach and, in particular, the costs of an account takeover attack.

Following up on this report, Microsoft published a post on its security blog stating that "MFA can block over 99.9 percent of account compromise attacks. With MFA, knowing or cracking the password won't be enough to gain access." The post opens as follows:

“There are over 300 million fraudulent sign-in attempts to our cloud services every day. Cyberattacks aren’t slowing down, and it’s worth noting that many attacks have been successful without the use of advanced technology. All it takes is one compromised credential or one legacy application to cause a data breach. This underscores how critical it is to ensure password security and strong authentication. Read on to learn about common vulnerabilities and the single action you can take to protect your accounts from attacks.”

The blog discussed the following vulnerabilities:

  • Business email compromise: an attacker gains access to a corporate email account, typically through phishing or spoofing, and uses it to defraud the organisation or its business partners, most often by redirecting payments. Accounts protected by only a password are easy targets.

  • Legacy protocols: a major gap, because clients that use basic (username-and-password) authentication over protocols such as SMTP, IMAP and POP3 were never designed to prompt for a second factor. Even where MFA is required for most sign-ins, an attacker holding a valid password will look for an outdated browser or email client that still authenticates over these protocols, so MFA enforcement has to be paired with blocking legacy authentication.

  • Password reuse: this is where password spray and credential stuffing attacks come in. Common passwords, and credentials exposed in public breaches, are tried against corporate accounts. Considering that up to 73 percent of passwords are duplicates, this has been a successful strategy for many attackers, and it is easy to do.
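As an added example, not Detexian's code and not any identity provider's real log schema, the following Python script runs two checks over a constructed sign-in log, covering both the legacy-protocol and the password-reuse points above. It flags source IPs whose failure pattern has the shape of a password spray (one or two attempts against many distinct accounts inside a short window, which a per-account lockout threshold never notices), and it lists successful sign-ins that came in over legacy protocols such as IMAP, POP3 and SMTP, where no second factor could have been asked for. The CSV columns, the client-app labels and the sample rows are assumptions made for the example.

```python
"""Two checks over sign-in log records: password-spray sources and
MFA-bypassing legacy-protocol sign-ins.

Added example for this article; it is not Detexian's code and does not use
any identity provider's real log schema. The CSV columns below (timestamp,
user, source_ip, result, client_app, mfa) are an assumed, simplified shape,
and the rows are constructed sample data, not real sign-ins.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Client types that send a bare username and password (basic / legacy
# authentication) and therefore never get a second-factor prompt.
# Labels are assumed for the example, not a vendor's exact strings.
LEGACY_CLIENT_APPS = {"IMAP", "POP3", "SMTP", "Exchange ActiveSync", "Other clients"}

# Constructed sample log: a spray from 203.0.113.7 (one attempt against each
# of six accounts), a user who mistypes twice and then signs in with MFA,
# and a password-only success over IMAP.
SAMPLE_LOG = """\
timestamp,user,source_ip,result,client_app,mfa
2020-07-09T01:00:05,alice@example.com,203.0.113.7,failure,Browser,no
2020-07-09T01:00:09,bob@example.com,203.0.113.7,failure,Browser,no
2020-07-09T01:00:14,carol@example.com,203.0.113.7,failure,Browser,no
2020-07-09T01:00:18,dave@example.com,203.0.113.7,failure,Browser,no
2020-07-09T01:00:23,erin@example.com,203.0.113.7,failure,Browser,no
2020-07-09T01:00:27,frank@example.com,203.0.113.7,failure,Browser,no
2020-07-09T08:15:02,alice@example.com,198.51.100.20,failure,Browser,no
2020-07-09T08:15:20,alice@example.com,198.51.100.20,failure,Browser,no
2020-07-09T08:15:41,alice@example.com,198.51.100.20,success,Browser,yes
2020-07-09T09:02:11,carol@example.com,192.0.2.99,success,IMAP,no
"""


def parse_log(text):
    """Parse CSV text into a list of dicts with a datetime timestamp."""
    events = list(csv.DictReader(io.StringIO(text)))
    for event in events:
        event["timestamp"] = datetime.fromisoformat(event["timestamp"])
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_users=5, max_attempts_per_user=2):
    """Return {source_ip: [targeted users]} for IPs whose failed attempts
    inside any `window` touch at least `min_users` distinct accounts with no
    more than `max_attempts_per_user` each. That is the shape of one common
    password being tried across many accounts, which a per-account lockout
    threshold never sees.
    """
    failures = defaultdict(list)
    for event in events:
        if event["result"] == "failure":
            failures[event["source_ip"]].append(event)

    sprays = {}
    for ip, attempts in failures.items():
        attempts.sort(key=lambda e: e["timestamp"])
        best = None
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until the span fits in `window`.
            while attempts[end]["timestamp"] - attempts[start]["timestamp"] > window:
                start += 1
            per_user = defaultdict(int)
            for event in attempts[start:end + 1]:
                per_user[event["user"]] += 1
            if (len(per_user) >= min_users
                    and max(per_user.values()) <= max_attempts_per_user
                    and (best is None or len(per_user) > len(best))):
                best = sorted(per_user)
        if best:
            sprays[ip] = best
    return sprays


def find_legacy_auth_successes(events):
    """Successful sign-ins over legacy protocols. None of these could have
    prompted for a second factor, so each is a place where a leaked or
    reused password alone was enough, whatever the MFA policy says.
    """
    return [e for e in events
            if e["result"] == "success" and e["client_app"] in LEGACY_CLIENT_APPS]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for ip, users in detect_password_spray(events).items():
        print(f"password spray from {ip}: {len(users)} accounts targeted")
    for e in find_legacy_auth_successes(events):
        print(f"legacy-auth success: {e['user']} via {e['client_app']} "
              f"from {e['source_ip']} (mfa={e['mfa']})")
```

Run against the sample, the spray detector reports only 203.0.113.7 (six accounts, one attempt each), leaves the user who mistyped twice alone, and the legacy check surfaces carol's IMAP sign-in: a valid password used where the MFA policy never had a chance to apply. On a real export the thresholds and the client-app labels need tuning to the provider's schema, and the spray window should be widened, since slow sprays deliberately spread attempts over hours.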

In a SaaS-first workplace, business email compromise can lead to significant financial loss. Readers in New Zealand will be aware that Team New Zealand, the three-time America's Cup-winning syndicate, recently suffered a financial loss through the business email compromise of a major European supplier. Subsequent reporting has shown that a privileged account at the supplier was compromised (likely via password reuse), giving the attacker access to its invoicing email system. The attacker used that access to change the bank account details on future invoices. When Team New Zealand received an expected invoice, they approved it and paid it into the attacker's account. This is a classic account takeover attack, and Multi-Factor Authentication on the compromised account would have prevented it: a reused password alone would not have been enough to sign in.

Attempts have been made to recover the money, and some has been recovered, but the true cost to Team New Zealand is far larger than the money. They have suffered a significant reputational cost: the New Zealand government launched an investigation and audit of their finances to ensure that no public money was lost.

Find out how you can automate an audit of MFA status for privileged accounts in minutes and keep track of changes at all times. Inquire now for a free demo.

Secure what you can't see in the cloud

info@detexian.com
710 Collins Street
Melbourne VIC 3008
Australia
 
9848 Mercy Rd #2
San Diego 92129
USA

Copyright Detexian 2020 All Rights Reserved