King Charles III was crowned as the new king of the United Kingdom. When a major historical event occurs, people often look to social media and online news sources for information about the event.
Cybercriminals use high-profile news stories to catch your attention and manipulate your emotions. In the coming weeks, we expect to see cybercriminals referencing the king’s coronation in phishing attacks and social media disinformation campaigns.
Follow the tips below to stay safe from similar scams:
- Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively.
- Be suspicious of emails, texts, and social media posts that contain shocking information about this event. These may lead to disinformation, which is false information designed to mislead you.
- If you receive a suspicious email, follow your organisation’s procedure to report the email.
Latest Security Breaches
Exploit: Human Error
OCR Labs: Technology Company
Risk to Business: Extreme
OCR Labs, a maker of digital identity technology, has experienced a data breach that has exposed sensitive network data belonging to several major clients. The incident was caused by a misconfiguration of the company’s system that left the data available on the internet to anyone. The data leak affected a range of clients, including various financial institutions in the UK and Australia. QBANK, Defence Bank, Bloom Money, Admiral Money, MA Money and Reed are affected. The company said that it has taken steps to address the problem.
Exploit: Supply Chain Cyberattack
Coles: Supermarket Chain
Risk to Business: Severe
Major Australian grocery chain Coles has announced that customers with Coles credit cards may have had sensitive data exposed in the recent Latitude Financial data breach. Coles used Latitude Financial as a service provider for its store credit cards until 2018. Coles has not been specific about how many customers may be affected or what data is exposed, but it would be from accounts opened before 2018.
MFA Bypass Attacks
You have MFA switched on, so your company is safe, right? Right?…well maybe not. As more and more companies turn on MFA to protect their businesses, criminals have had to find ways around the protection. Here are some of the ways criminals can bypass MFA:
- MFA Fatigue – MFA often approves account access through a prompt on a personal device: a smartphone pop-up or email grants access if the user accepts it. The criminal spams the user with repeated MFA requests until the user clicks approve just to stop the pestering.
- Token Theft – After you sign in to an application, multi-factor authentication protocols may install a session cookie on your machine so that you can continue without authenticating again. If an attacker steals that session cookie and moves it to another device, all the checks you passed to obtain it are meaningless, and you have a problem.
- Adversary-in-the-Middle (AiTM) attacks – Also called Machine-in-the-Middle attacks, these circumvent MFA through phishing. An attacker first tricks a user into clicking on a malicious URL that leads to a proxy server. This server lets the attacker intercept network traffic between the user’s computer and the legitimate web server. The attacker can then steal tokens by capturing the user’s web session data, including credentials and MFA session cookies.
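One way to detect the MFA fatigue pattern described above in push-notification logs. This is an added example, not part of the original newsletter; the log format, result names, window and threshold are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed number of rejected prompts that counts as spam

# Constructed sample log: "<ISO timestamp> <user> <prompt result>"
SAMPLE_LOG = """\
2023-05-08T09:00:05 alice approved
2023-05-08T02:10:00 bob timeout
2023-05-08T02:10:40 bob denied
2023-05-08T02:11:15 bob timeout
2023-05-08T02:12:02 bob denied
2023-05-08T02:12:50 bob denied
2023-05-08T02:13:30 bob approved
2023-05-08T11:00:00 carol denied
2023-05-08T11:30:00 carol denied
"""

def parse(log):
    """Return (time, user, result) tuples in chronological order."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        rows.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    return sorted(rows)

def detect_mfa_fatigue(log, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for prompt bursts and for approvals that follow a burst."""
    rejected = defaultdict(deque)   # user -> times of recent denied/timed-out prompts
    alerts = []
    for ts, user, result in parse(log):
        recent = rejected[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop prompts older than the window
        if result in ("denied", "timeout"):
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append((user, "prompt_burst", ts.isoformat()))
        elif result == "approved":
            if len(recent) >= threshold:
                alerts.append((user, "approved_after_burst", ts.isoformat()))
            recent.clear()          # an approval ends the current run of prompts
    return alerts

if __name__ == "__main__":
    print(*detect_mfa_fatigue(SAMPLE_LOG), sep="\n")
```

An `approved_after_burst` alert is the one to escalate: it marks a user who accepted a prompt right after a run of rejected ones.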
How to avoid MFA bypass attacks
Switch On Number Matching
Number matching is a security feature designed to prevent MFA bypass by ensuring that only a legitimate user requesting access can authenticate their identity. The way it works is straightforward: when a user needs to approve a sign-in attempt, they’ll be given a code in their browser, which they must then enter on their mobile device to allow the authentication. This is also known as a verified push.
Consider Phish-resistant MFA methods
Passkeys, introduced by Apple, and security keys such as Yubico’s YubiKey 5 are built on FIDO Alliance standards. Using hardware tokens as part of multi-factor authentication is already very safe, as attackers would need access to the physical token to get into an account. One of the safest and most effective ways to stop token-based and AiTM MFA attacks is to combine this with FIDO2 passwordless access.