Multi-Factor Authentication (MFA): Are You Protected?

The cybercriminals behind Business Email Compromise (BEC) attacks are constantly adapting their tactics. This demands that you adopt a multi-layered security approach that embraces a range of strategies to keep you secure. Multi-Factor Authentication (MFA) is one essential element.

However, MFA alone is no panacea.

MFA can also be circumvented. That’s why Eftsure is essential to prevent you from experiencing losses if cybercriminals manage to bypass your MFA controls.

In this blog, we explore MFA and how cybercriminals are finding ways around MFA to launch BEC attacks against unsuspecting organizations.

Multi-Factor Authentication: Your First Line of Defence

Multi-Factor Authentication (MFA) is one of the most important security features to help secure your organization’s networks, applications, endpoints, and critical data.

The good news is that adoption of MFA is quite widespread. Every time you’re prompted to enter a One-Time Password (OTP) that is sent to you via SMS or email, that’s MFA at work. Some systems require you to install an application on your mobile device that provides a time-restricted OTP. Other systems require you to be in possession of a token or USB stick that acts in a similar way. There’s even a trend towards biometrics as a way of authenticating users.

The core principle behind MFA is that you should have at least two, but preferably three of the following in order to authenticate:

  • Something You Know (Such as a password)

  • Something You Have (Such as an OTP, token, or USB stick)

  • Something You Are (Such as your fingerprint or iris scan)

MFA aims to ensure only an authorized individual is being authenticated to access a particular system.

Why is Multi-Factor Authentication Necessary?

In a world beset by data breaches, a simple password is not enough to secure your organization.

Passwords are routinely compromised and available to cybercriminals through the dark web. Cybercriminals now routinely engage in brute-force attacks where they bombard a system with millions of passwords in an attempt to gain entry.

And, despite years of awareness raising, anecdotal evidence indicates that many employees continue to use weak passwords, or the same password for multiple systems and applications.

A better way than a simple password is urgently required.

MFA has emerged as the answer. Rather than just requiring a login and password, MFA requires additional evidence that the individual seeking access to a particular system or application really is the legitimate account holder.

If your organization doesn’t yet have MFA installed on all your systems and applications, in particular your email clients, then stop everything and make it your top priority!

Can Multi-Factor Authentication be Circumvented?

In short, it’s not easy, but it is possible in some circumstances.

Recently, it was discovered that unauthorized access to a mailbox was possible in some instances, despite MFA being enabled. Following a thorough investigation, it emerged that accessing mailboxes through webmail using legacy protocols, such as IMAP, POP3, or SMTP, could allow an attacker to bypass MFA. These protocols authenticate with a username and password only (basic authentication), so there is no point in the exchange at which an MFA challenge can be issued.

Unlike the Outlook application available through Office 365 (o365), webmail alternatives that rely on legacy protocols do not prompt for MFA. All that’s needed to access a webmail-based mailbox is the standard user ID and password.

Despite having migrated to o365, many organizations have neglected to disable legacy webmail. There may be valid reasons for retaining webmail. It is often convenient for staff to have access to their work email from any device without having to install the Outlook application on every device.

However, this convenience may be coming at the expense of exposing your organization to a greater risk of BEC attacks. Because these legacy protocols don’t prompt for MFA, they have emerged as the preferred entry points for cybercriminals seeking access to your organization’s mailboxes, paving the way for BEC attacks.

Ideally, legacy protocols should be blocked at the o365 level. However, if that is going to cause too much inconvenience to your staff, an alternative approach is required.
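The following Exchange Online PowerShell session shows what "blocking legacy protocols at the o365 level" looks like in practice: first an audit of which mailboxes still accept IMAP, POP3 or SMTP AUTH, then the tenant-wide and per-mailbox settings that turn them off. It is an added example, not code from Eftsure or from this post. It assumes the ExchangeOnlineManagement module is installed and that you hold an Exchange administrator role; every change-making cmdlet carries `-WhatIf` so the script only reports what it would do until you remove that switch.

```powershell
# Added example: audit and disable legacy (basic-auth) mail protocols in Exchange Online.
# Assumes: ExchangeOnlineManagement module (Install-Module ExchangeOnlineManagement)
# and an account with the Exchange Administrator role. Remove -WhatIf to apply changes.

Connect-ExchangeOnline   # interactive sign-in to the tenant

# 1. Audit: which mailboxes still have IMAP or POP3 enabled, or explicitly allow SMTP AUTH?
#    SmtpClientAuthenticationDisabled is $null on a mailbox that inherits the tenant default.
$legacy = Get-CASMailbox -ResultSize Unlimited |
    Where-Object {
        $_.ImapEnabled -or $_.PopEnabled -or ($_.SmtpClientAuthenticationDisabled -eq $false)
    } |
    Select-Object PrimarySmtpAddress, ImapEnabled, PopEnabled, SmtpClientAuthenticationDisabled

Write-Host ("Mailboxes exposing a legacy protocol: {0}" -f $legacy.Count)
$legacy | Format-Table -AutoSize

# 2. Audit the tenant-wide SMTP AUTH default ($false means SMTP AUTH is allowed by default).
Write-Host ("Tenant SMTP AUTH disabled: {0}" -f (Get-TransportConfig).SmtpClientAuthenticationDisabled)

# 3. Remediate the mailboxes found above.
foreach ($mbx in $legacy) {
    Set-CASMailbox -Identity $mbx.PrimarySmtpAddress `
        -ImapEnabled $false `
        -PopEnabled $false `
        -SmtpClientAuthenticationDisabled $true `
        -WhatIf
}

# 4. Fix the mailbox plan too, so newly created mailboxes inherit IMAP/POP disabled.
Get-CASMailboxPlan | Set-CASMailboxPlan -ImapEnabled $false -PopEnabled $false -WhatIf

# 5. Disable SMTP AUTH for the whole tenant (per-mailbox settings still override this).
Set-TransportConfig -SmtpClientAuthenticationDisabled $true -WhatIf

# 6. Belt and braces: an authentication policy with no Allow* switches blocks
#    basic authentication for every protocol, and becomes the tenant default.
New-AuthenticationPolicy -Name "Block Basic Auth" -WhatIf
Set-OrganizationConfig -DefaultAuthenticationPolicy "Block Basic Auth" -WhatIf

Disconnect-ExchangeOnline -Confirm:$false
```

Steps 3 and 4 remove the protocols themselves, which covers the "webmail alternatives" this post describes regardless of how they authenticate; step 6 blocks basic authentication even on protocols that remain enabled. If a line-of-business system genuinely needs one legacy protocol, create a second authentication policy with only the relevant `-AllowBasicAuth*` switch and assign it to that single account with `Set-User -AuthenticationPolicy`, rather than leaving the tenant default open. To see whether the exposure is already being used, review the Entra ID sign-in logs for successful sign-ins whose client app is IMAP4, POP3 or Authenticated SMTP.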

How can Eftsure help?

If your organization still enables webmail access to mailboxes that rely on legacy protocols, you need some way to ensure you are not being defrauded through BEC attacks.

Having Eftsure sitting on top of your accounting processes will help you achieve the layer of security you need.

Every time an EFT payment is about to be processed by your Accounts Payable department, the banking information will be cross-matched against our database comprising over 2 million Australian organizations.

This ensures that the banking information is legitimate and has not been manipulated by cybercriminals with unauthorized access to your mailboxes.

For a full demonstration of the many ways Eftsure can help protect your organization from the risks of BEC attacks, contact us today.

Author

Niek Dekker

Published

2 Jun 2025
