Attackers have learned to bypass the two-factor authentication of Yahoo Mail and Gmail

Recently, information security specialists from Certfa Lab published the results of a study of a number of hacks of Yahoo Mail and Gmail user accounts. As it turned out, the two-factor authentication technology used by these services has a number of weaknesses that attackers can exploit.

The authors of the investigation believe that the hacks were carried out by order of the Iranian government. The goal of the whole campaign was the information held in the hacked accounts. The attack was carried out using an e-mail containing a hidden image and a script.

The e-mail itself was a message about suspicious activity allegedly detected in the user's account on one of the mail services mentioned. These e-mails were sent from addresses like mailservices @ gmail[.]com, [email protected][.]com, customer]email-delivery[.]info. To less experienced users, these messages therefore did not look suspicious.

On the contrary, many hurried to click the “protect account” button, which took the user to a fake login page for the mail service. When the user entered their credentials, the attackers used them almost in real time to access the real account. A user who had enabled two-factor authentication received an SMS with a one-time password on their phone, and the attackers somehow got the opportunity to log in to the account. They also learned to bypass Google Authenticator protection.

The researchers drew up a diagram of the domains used and the servers associated with them.

The attackers used a VPN and a proxy to hide their location, but the researchers managed to recover the original IP range from which the attack was carried out. These were Iranian addresses. In addition, similar methods have been used, and are still being used, by the Charming Kitten hacker group, which is associated with the Iranian government.

The attackers' targets were primarily journalists, politicians, and all sorts of social activists from many countries of the world.

It is clear that the main way to protect against attacks of this kind is simply not to open suspicious e-mails. Unfortunately, this method does not always work, since many people see nothing suspicious in an e-mail supposedly written by Google or Yahoo. The situation can be improved by using hardware keys (for example, YubiKey), which authenticate the user when the USB device is plugged into a port.

Google conducted a study, the results of which unequivocally indicate that USB keys are much more reliable than smartphones or other systems that can be used for two-factor authentication.

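The difference between a typed one-time code and a hardware key can be shown with a simplified server-side model (an added example, not code from the Certfa Lab report or from Google): a one-time code verifies no matter which page the user typed it into, while a key's response covers the origin reported by the browser. The origins, secrets, challenge and function names are constructed, and HMAC stands in for the key's public-key signature.

```python
import hashlib
import hmac
import json
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the shared secret and the clock."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, code: str, now: int) -> bool:
    """The server sees only digits; nothing says which page the user typed them into."""
    return hmac.compare_digest(code, totp(secret, now))

def _mac(device_key: bytes, client_data: str) -> str:
    # Assumption: HMAC stands in for the hardware key's public-key signature.
    return hmac.new(device_key, client_data.encode(), hashlib.sha256).hexdigest()

def key_sign(device_key: bytes, origin: str, challenge: str) -> dict:
    """Hardware-key model: the browser, not the user, fills in the origin being signed."""
    client_data = json.dumps({"origin": origin, "challenge": challenge}, sort_keys=True)
    return {"client_data": client_data, "sig": _mac(device_key, client_data)}

def server_accepts_key(device_key: bytes, assertion: dict, expected_origin: str, challenge: str) -> bool:
    """Check the signature, then require the signed origin and challenge to be the server's own."""
    if not hmac.compare_digest(_mac(device_key, assertion["client_data"]), assertion["sig"]):
        return False
    data = json.loads(assertion["client_data"])
    return data["origin"] == expected_origin and data["challenge"] == challenge

# Constructed sample values (hypothetical origins, secrets and challenge).
SECRET, DEVICE_KEY = b"constructed-totp-secret", b"constructed-device-key"
REAL, LOOKALIKE = "https://mail.example", "https://mail-example.invalid"
NOW, CHALLENGE = 1_700_000_000, "constructed-challenge"

def demo() -> dict:
    code = totp(SECRET, NOW)  # the user reads this code and types it into whatever page is open
    return {
        "otp_typed_on_lookalike_page": server_accepts_totp(SECRET, code, NOW + 5),
        "key_used_on_real_site": server_accepts_key(
            DEVICE_KEY, key_sign(DEVICE_KEY, REAL, CHALLENGE), REAL, CHALLENGE),
        "key_used_on_lookalike_page": server_accepts_key(
            DEVICE_KEY, key_sign(DEVICE_KEY, LOOKALIKE, CHALLENGE), REAL, CHALLENGE),
    }

if __name__ == "__main__":
    print(demo())
```

Real FIDO keys additionally scope each credential to the site it was registered on; the model keeps only the origin check.
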
Information security specialists also recommend not using two-factor authentication that relies on sending SMS as one of the security components.