Real-time phishing reportedly renders two-factor authentication and one-time passwords useless

Real-time attacks and man-in-the-middle techniques are being used to bypass two-factor authentication (2FA) technology.

Research by Trusteer found that in a real-time phishing attack, the user enters details on a phishing website, which captures the banking credentials and authentication information. The stolen credentials are then immediately used to open a session on the real bank website to commit fraud.

Trusteer said that phishing attacks to date have been completely static: traditionally, the victim reaches a phishing website and submits their login credentials, which are then stored for later use by cyber criminals. The introduction of strong two-factor authentication systems, especially one-time passwords, rendered these attacks useless, as fraudsters could not use static stolen credentials to commit fraud.

One-time passwords (OTPs) are limited in time, so even if fraudsters manage to capture OTP data, there is only a small window in which it can be used. However, Trusteer claimed that cyber criminals have not given up.

Mickey Boodaei, CEO of Trusteer, said: “Recently we have noticed an increase of a type of attack called man-in-the-middle phishing, or real-time phishing. The concept is not a new one and is well known in the security world; however, up until now, we have not seen too many attacks like this. The recent escalation of websites now experiencing this type of attack is a cause for immediate concern.

“With real-time phishing, OTPs are becoming useless. There is no update or improvement to OTP that can defeat real-time phishing. The best form of defence is to implement dynamic layers of security, including browsing security, that can adapt to and block new threats.”
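The contrast the article draws between stored credentials and credentials used immediately shows up in how a time-based OTP is checked on the server. The following is an added example, not code from the article or from Trusteer; it assumes an RFC 6238 TOTP scheme with a 30-second step, and the secret, timestamps and client labels are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: depends only on the secret and the time."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Server-side check: one step of clock drift, each time step usable once."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps
        self.used_steps = set()
        self.accepted_from = []  # who presented each accepted code

    def verify(self, code: str, now: int, client: str) -> bool:
        for d in range(-self.drift_steps, self.drift_steps + 1):
            t = now + d * STEP
            if t < 0 or t // STEP in self.used_steps:
                continue  # a consumed step cannot be replayed
            if hmac.compare_digest(totp(self.secret, t), code):
                self.used_steps.add(t // STEP)
                # Nothing in the code identifies the client: `client` is only
                # logged, it cannot influence whether the code is valid.
                self.accepted_from.append(client)
                return True
        return False

def scenario():
    secret = b"constructed-demo-secret"   # constructed value
    t0 = 1_289_900_000                    # constructed timestamp
    code = totp(secret, t0)               # what the victim types into the fake page

    # Static phishing: code stored and tried ten minutes later.
    stored = OtpVerifier(secret).verify(code, t0 + 600, "phisher")

    # Real-time phishing: code forwarded to the real site within seconds.
    server = OtpVerifier(secret)
    relayed = server.verify(code, t0 + 5, "phisher")
    # The same code arriving again afterwards is refused (step already used).
    again = server.verify(code, t0 + 10, "victim")
    return stored, relayed, again, server.accepted_from
```

`scenario()` returns `(False, True, False, ['phisher'])`: the stored code fails, the relayed one is accepted, and single-use enforcement only stops the second presentation.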

http://www.scmagazineuk.com/real-time-phishing-reportedly-renders-two-factor-authentication-and-one-time-passwords-useless/article/190674/?DCMP=EMC-SCUK_Newswire


Posted November 16, 2010 by axxerainc in Uncategorized
