How an unsuspecting employee let hackers into their computer network
Having to use multi-factor authentication (MFA) every day, multiple times a day, can feel like a real headache. Enough so that hackers are turning users’ MFA habits against them in order to steal vital business information, which usually happens because employers don’t offer in-house IT staff training.
Multi-factor authentication (MFA) is still one of the best things that can be used to help secure users’ accounts from computer criminals, and because of that, MFA is one of the standards that the security industry recommends first when consumers and businesses are looking to protect themselves.
MFA is also usually the last remaining wall standing between hackers and the bounty of information that they’re looking to compromise.
Frequent use of MFA can even lead to users not reading, or even paying attention to, the push notification boxes or prompts that appear on the screen asking for their approval. Typically, the prompt pops up and the default behavior is to see it and click accept.
Hackers know that users are on autopilot with permissions, and they are increasing their attacks to exploit that behavior.
Using a technique called multi-factor authentication fatigue, the bad actors flood a user’s authentication app with push notifications. The hope is that the user gets tired of the constant requests for permission and accepts one, thereby allowing the hacker to gain access to an account or device.
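The flood described above leaves a trail in authentication logs: a burst of denied or timed-out prompts for one user, sometimes ending in an approval. The Python below is an added example, not part of the original article; the event format, the 10-minute window and the threshold of 5 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events (not real logs): (time, user, result)
SAMPLE_EVENTS = [
    ("2024-01-15T02:10:05", "alice", "denied"),
    ("2024-01-15T02:10:40", "alice", "timeout"),
    ("2024-01-15T02:11:15", "alice", "denied"),
    ("2024-01-15T02:12:02", "alice", "timeout"),
    ("2024-01-15T02:12:50", "alice", "denied"),
    ("2024-01-15T02:13:30", "alice", "approved"),  # approval right after a flood
    ("2024-01-15T08:59:10", "bob", "approved"),    # ordinary login
    ("2024-01-15T13:02:44", "bob", "timeout"),     # one missed prompt...
    ("2024-01-15T13:03:20", "bob", "approved"),    # ...then a normal approval
    ("2024-01-15T14:00:00", "carol", "denied"), ("2024-01-15T14:00:30", "carol", "denied"),
    ("2024-01-15T14:01:00", "carol", "denied"), ("2024-01-15T14:01:30", "carol", "denied"),
    ("2024-01-15T14:02:00", "carol", "denied"), ("2024-01-15T14:02:30", "carol", "denied"),
]

def find_push_floods(events, window=timedelta(minutes=10), threshold=5):
    """Return one alert per user whose unapproved prompts reach `threshold` within `window`."""
    per_user = defaultdict(list)
    for ts, user, result in events:
        per_user[user].append((datetime.fromisoformat(ts), result))
    alerts = []
    for user, rows in per_user.items():
        rows.sort()
        recent = deque()   # times of denied/timed-out prompts still inside the window
        flood_at = None    # last time the threshold was reached
        alert = None
        for when, result in rows:
            while recent and when - recent[0] > window:
                recent.popleft()
            if result in ("denied", "timeout"):
                recent.append(when)
                if len(recent) >= threshold:
                    flood_at = when
                    alert = alert or {"user": user, "prompts": 0, "approved_after_flood": False}
                    alert["prompts"] = max(alert["prompts"], len(recent))
            elif result == "approved" and flood_at and when - flood_at <= window:
                alert["approved_after_flood"] = True  # highest priority: the flood worked
        if alert:
            alerts.append(alert)
    return alerts

if __name__ == "__main__":
    print(find_push_floods(SAMPLE_EVENTS))
```

An alert with `approved_after_flood` set is the case to act on first, since it means a prompt was accepted right after the burst; a flood with no approval still means the user's password is likely known to someone else.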
What Can Happen When You Don’t Offer IT Staff Training
In May of 2022, Cisco was hacked by the Yanluowang ransomware group, and the attacker tried to extort the company by threatening to leak the stolen files online.
Thankfully, the attackers were only able to harvest and steal non-sensitive data from the hack, but the outcome could have been much worse.
The attackers gained access to Cisco’s system by stealing an employee’s credentials through multi-factor authentication fatigue.
Through MFA fatigue and a series of voice phishing attacks, the employee was convinced that the bad actors were actually a trusted support organization.
After the victim accepted one of the MFA notifications, the attackers gained access to the VPN of the targeted user.
The bad actors then moved into the Citrix environment and compromised a series of servers and domain controllers.
After the attackers gained domain admin rights, they used software tools that allowed them to collect more information. They also installed a series of payloads onto the compromised systems, including a backdoor malware.
Cisco was able to detect and remove the attackers from their servers, but some files had already been stolen.
Why Cisco’s experience matters for your company:
Hackers are not opposed to targeting unsuspecting employees by using MFA fatigue and psychological phishing techniques in an effort to gain access to company systems.
No existing anti-malware software will stop a hacker from logging in with a real employee’s valid login information, should that employee be caught unaware by a focused attack to gain their data.
An unsuspecting employee isn’t going to think twice about accepting push notifications or MFA requests, as it’s part of their everyday environment.
Employers Need to Offer IT Staff Training
Encourage employees to be present and alert while computing.
If something looks suspicious, have employees report it so that their concerns can be addressed.
Should someone call asking questions about your computer security, or what company you use for IT support, don’t answer their questions.
As a RHYNO client, if you’re unsure if the person calling your company claiming to be from RHYNO really is an employee, ask the caller for their name, then tell the caller that you’ll need to call them back. Then, call RHYNO’s phone number directly and ask to speak to the person that just called you.
It’s important to be aware of MFA fatigue and phishing, and to practice good computing habits online. Exercise caution when clicking on links in emails that take you to web pages and before opening unknown files.
Taking a little time to train employees about hackers can save your business, especially if a ransomware hacker decides to try to go through one of your employees in order to access your company’s network.
For your network and computer security needs, give us a call toll-free. RHYNO Networks (855) 749-6648.