TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Huntress

To MFA or Not To MFA | Huntress

2024-11-18

ATT&CK techniques detected

11 predictions
T1556.006 Multi-Factor Authentication
86%
"…ring these kinds of attacks. By enforcing MFA, you're raising the technical barrier of entry for a hacker looking to score a business email compromise payday. Simple password attacks are effective against non-MFA identities, but enforcing any kind of MFA forces attackers to…"
T1556.006 Multi-Factor Authentication
86%
"To MFA or Not To MFA | Huntress To most people, MFA stands for “multi-factor authentication.” If you’re Samuel L. Jackson, it might mean something else, but we won’t go there. MFA can seem like a mostly fruitless annoyance at times. But today, I’d like to show you how t…"
T1528 Steal Application Access Token
82%
"needing to log in for every request. Instead of inputting their username, password, and MFA code, the user can simply present the token and that will satisfy the login requirements. The issue is that generally speaking, there is nothing preventing the reuse of that session token …"
T1528 Steal Application Access Token
81%
"AiTM) attacks, where an attacker tricks a victim into authenticating to a transparent proxy which brokers authentication to the real Microsoft 365 service. Evilginx is the most well known of these AiTM toolkits, but many phishing-as-a-service kits like NakedPages and evilp…"
T1555.003 Credentials from Web Browsers
80%
"malware, which is often distributed through SEO poisoning and malvertisement, will scrape the file system of a victim endpoint for credential information that resides in memory and on disk. The resulting credential information is then transferred to attacker-controlled infrastr…"
T1078 Valid Accounts
79%
"attacks. We call this class of attacks credential theft. Without MFA, nothing prevents a hacker from accurately guessing or discovering your identity account password and simply waltzing in the front door via standard authentication. And we at Huntress know too well that credenti…"
T1556.006 Multi-Factor Authentication
77%
"suspicious and the SOC was able to stop an account takeover in progress, eject the hacker, and provide clear remediation instructions for how to prevent the attack in the future. Steal that session! On the other hand, the attacks against identities that do use MFA are more compli…"
T1556.006 Multi-Factor Authentication
70%
"using MFA at all, are using the more basic forms. This blog is heavily rooted in my experience in defending the SMB from account takeover, so I’m here to discuss how MFA factors into that defense. “It’s just too inconvenient!” I only accept two reasons for why someone will …"
T1621 Multi-Factor Authentication Request Generation
49%
"…ring these kinds of attacks. By enforcing MFA, you're raising the technical barrier of entry for a hacker looking to score a business email compromise payday. Simple password attacks are effective against non-MFA identities, but enforcing any kind of MFA forces attackers to…"
T1556.006 Multi-Factor Authentication
39%
"your SMB users eschew MFA due to inconvenience, like that guy from Kung Pow! Enter the Fist once said, “I implore you to reconsider.” MFA could be the thing that prevents your payroll from disappearing in a wire transaction. The rest of this blog examines exactly why MFA plays …"
T1003 OS Credential Dumping
39%
"attacks. We call this class of attacks credential theft. Without MFA, nothing prevents a hacker from accurately guessing or discovering your identity account password and simply waltzing in the front door via standard authentication. And we at Huntress know too well that credenti…"

Summary

MFA could be the thing that stops your payroll money from disappearing in a wire transaction. So why do we treat it as an optional inconvenience?