Hackers targeting Google, Yahoo, and Proton Mail accounts are able to pass two-factor authentication


Researchers from Amnesty International published a report that highlights a recent phishing operation that is hacking accounts in the Middle East and Africa.

The internet is a relatively young technology but thanks to rapid advancement, it has grown up fast. So much so that security and protection measures can be broken as quickly as they are deployed. Hackers and bad actors are just as clever as their security counterparts. There was a time when it was thought two-factor authentication was the ultimate way to protect your online accounts.

Over the past few years, more security experts have agreed that using two-factor authentication is a good idea, but it isn’t always foolproof. Now the evidence that two-factor authentication isn’t always going to protect you is being shown in the real world. A new campaign targeting Gmail, Yahoo, and Proton Mail accounts is bypassing two-factor authentication (2FA) on those accounts as well as breaching secure email services.

Researchers from Amnesty International published a report that highlights a recent phishing operation that is hacking accounts in the Middle East and Africa. The report says this operation is targeting individuals and companies who are Human Rights Defenders. Researchers say they were able to trace back the origin of the attackers to the United Arab Emirates, Yemen, Egypt, and Palestine.

The hackers sent phishing emails to the targets that posed as security alert messages. The goal of their emails was to persuade their targets to click phishing links. Those links redirected the users to domains that appeared to be legit Google and Yahoo domains but they were not. The hackers would rotate the domains so the registrars wouldn’t shut them down.


The phishing site was designed to obtain account credentials as well as the 2FA code required to access the account. Once the researchers logged into one of the fraudulent domains using a throwaway Gmail address, they were alerted that a 2FA code had been sent — triggered by the automated scheme.

The phone number used to create the account did receive an SMS message. The phishing page requested the code, and once input, presented the team with a form asking them to change their password before redirecting them to a legitimate Google login page.

“In a completely automated fashion, the attackers managed to use our password to login into our account, obtain from us the two-factor authentication code sent to our phone, and eventually prompt us to change the password to our account,” the nonprofit says.

As the entire system is automated, the verification code can be used to compromise an account before 2FA tokens expire.

These operations targeted both Gmail and Yahoo mail, but a second operation also targeted Proton Mail and Tutanota Mail. Both of these are considered more secure options than Gmail or Yahoo, but hackers were still able to break 2FA.

While it’s still a good idea to use 2FA whenever possible, we now know for certain that 2FA is becoming easier to bypass. You can protect yourself further simply by questioning suspicious emails that you receive. Investigate further and read carefully before you click any links. The bad actors are keeping up with the good guys, so we have a responsibility for our own protection as well.
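Reading a link carefully means checking which host it really points at, since the look-alike domains described above only appear to be Google or Yahoo. The following Python check is an added example, not part of the original article or the Amnesty report; the trusted-domain list and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the login domains this mailbox owner actually uses.
TRUSTED_DOMAINS = ("google.com", "yahoo.com")

# Constructed sample links of the kind a fake "security alert" might carry.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",
    "https://accounts.google.com.verify-session.example/signin",
    "https://accounts.google.com@login.example/reset",
    "https://accounts-google.example/signin",
]


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for a link found in an email."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:
        return "suspicious", "URL does not parse"
    if parts.scheme != "https":
        return "suspicious", "not an https link"
    if not host:
        return "suspicious", "no host in URL"
    host = host.rstrip(".")  # a trailing dot is the same host
    if parts.username is not None:
        # Everything before '@' is ignored by the browser when connecting.
        return "suspicious", f"text before '@' is a decoy; real host is {host}"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious", f"internationalised look-alike host {host}"
    for domain in trusted:
        # Only the END of the host name decides who owns it.
        if host == domain or host.endswith("." + domain):
            return "trusted", f"{host} is under {domain}"
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in host:
            return "suspicious", f"{host} mentions '{brand}' but is not under {domain}"
    return "unknown", f"{host} is not a trusted login domain"


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", *check_link(link))
```

A "trusted" verdict only says the host belongs to the expected domain; a link that is "unknown" or "suspicious" should not be used to enter a password or a 2FA code.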


  Source: ZDNet