We’ve pulled out the security crystal ball for the upcoming year and this month we are digging into the attack trends you need to watch for in 2023. This week we’re looking at One-time Password (OTP) bypass attacks.
This attack trend is designed to get past Multifactor Authentication (MFA). MFA works by providing a One-Time Password (OTP) which is then used in combination with a user’s password to gain access. MFA is very effective at preventing malicious sign-in attempts.
To bypass MFA, attackers are now using the following techniques:
Reusing a token: Gaining access to a recent user OTP and trying to reuse it.
Sharing unused tokens: The hacker uses their own account to get an OTP and they attempt to use that OTP on a different account.
Leaked token: Using an OTP token leaked through a web application.
Password reset function: A hacker uses phishing to fool the user into resetting a password and then tricks them into sharing the OTP via text or email.
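On the server side, the first three techniques fail when each OTP is bound to one account, accepted once, short-lived and never echoed back by the application. The sketch below is an added example, not code from this article; the class name OtpStore, the 5-minute lifetime and the 5-guess limit are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 5        # assumed guess limit per issued code

class OtpStore:
    """In-memory stand-in for a server-side OTP table (hypothetical name)."""

    def __init__(self, clock=time.monotonic):
        self._key = secrets.token_bytes(32)   # server-side HMAC key
        self._pending = {}                    # account -> [digest, expiry, attempts_left]
        self._clock = clock

    def _digest(self, account, code):
        # The account is part of the MAC input, so a code issued to one
        # account never matches another account's record (shared-token case).
        msg = f"{account}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"
        # Only a keyed digest is stored, so a dump of this table leaks no codes.
        self._pending[account] = [self._digest(account, code),
                                  self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        # Deliver out of band (SMS, email, app); never put the code in an
        # HTTP response body or a log line (leaked-token case).
        return code

    def verify(self, account, code):
        entry = self._pending.get(account)
        if entry is None:
            return False
        digest, expiry, attempts_left = entry
        if self._clock() > expiry or attempts_left <= 0:
            del self._pending[account]        # expired or guessed too often
            return False
        entry[2] -= 1
        if hmac.compare_digest(digest, self._digest(account, code)):
            del self._pending[account]        # single use: blocks token reuse
            return True
        return False

if __name__ == "__main__":
    store = OtpStore()
    code = store.issue("alice")               # constructed sample account
    print(store.verify("alice", code), store.verify("alice", code))
```

The password-reset technique relies on the user handing over a valid, unused code, so it needs user awareness and phishing-resistant factors in addition to these checks.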
Is your business prepared for the cyber threats coming in 2023? Don’t wait to find out the hard way! Contact us to schedule a cybersecurity check-up to stay one step ahead of the cybercriminals.