This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
08/25/2020
How Threat Actors Are Bypassing Two-Factor Authentication For Privileged Access
Forbes
With the recent attack on Twitter, a bubble has been burst regarding the protective security two-factor authentication (2FA) provides for privileged access and for any user access. While multifactor authentication is still a security best practice, there have been recent attack vectors that circumvent the mitigation controls it provides and prove once again that no security solution is 100% effective.
If you are not familiar with the incident, I will not bore you with the details available from professionals and Twitter support, but suffice it to say the attack was based on social engineering and credential theft that even bypassed 2FA. The attack was successful against a small number of users and allowed the threat actors to access a password reset tool, which gave them access to accounts even though they were considered "verified." This exposed multiple aspects of 130 high-profile accounts, of which 45 had bitcoin tweets associated with them.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more informationResources
Your electronic library to help in fighting financial fraud for all of our partners.
more information