Identity Threat: How Attackers Bypass MFA to Launch Ransomware скачать в хорошем качестве

Identity Threat: How Attackers Bypass MFA to Launch Ransomware

Phishing remains the #1 initial access vector for cybercriminals that leads to ransomware and other cyberattacks. In this video, we discuss how phishing-as-a-service kits like Tycoon 2FA are changing the game — using advanced adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication (MFA) and steal session cookies for account takeover. Even with MFA, no security control is foolproof. Learn how attackers are adapting—and how SpyCloud can help your organization stay ahead of security & identity threats. Main Discussion Points: Why phishing continues to top organizations’ security concerns: credentials, financial information, email, cloud services How Tycoon 2FA and similar kits can bypass MFA protections: session cookies, no additional future authorization checks. How SpyCloud recaptures stolen credentials from phishing kits to protect users: securing users accounts, monitoring the darknet. Aurora is an information security researcher and cybersecurity policy expert who worked as a Senior Analyst for CISA before joining SpyCloud. She is SpyCloud’s Manager of Security Research Partnerships and also leads SpyCloud’s Responsible Disclosure program to alert organizations when SpyCloud finds their sensitive breached, leaked, or exposed data through its collections. Aurora participates in a range of volunteer and public-private initiatives to track and disrupt the cybercriminal ecosystem and was a recipient of the President’s Volunteer Service Award in 2023 for work with the U.S. government against cyber security threats. Takeaways: Phishing is still the top initial access vector, with session hijacking becoming a growing threat. MFA is a critical layer, but it’s not foolproof. Organizations should combine multiple defenses. Request a SpyCloud demo today to learn how we identify collection points & recapture credentials to help users understand when & what data was exposed: https://spycloud.com/request-a-demo/