Nobelium, the Russian cyber group responsible for the SolarWinds attack, is at it again, and this year they have found a new way to leverage human error and social engineering. According to a report published by Mandiant on Monday, December 6th, 2021, the Russian hacking group has deployed a unique and annoying method that allows them to bypass 2FA.
According to the report, there have been several incidents investigated in which Nobelium members gained access to users’ valid login credentials. The group then used those compromised credentials to continually attempt to access said accounts. From the users’ perspective, countless push notifications were sent to the victims’ devices until one of the many requests was eventually accepted.
It remains uncertain if individuals whose accounts were targeted accepted the push notification by accident, out of sheer frustration, or out of habit. Either way, the hackers were able to leverage the annoying notifications to work in their favor and eventually gain access to many of the target accounts.
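In MFA logs, the pattern described above appears as a burst of denied or unanswered push challenges for one account, sometimes ending in an approval. The detection logic below is an added example, not taken from the Mandiant report or from Twosense; the event layout, result values, 10-minute window and threshold of 5 are assumptions, and the sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample push-challenge events: (timestamp, user, result).
# The tuple layout and result values are assumptions, not a vendor log schema.
SAMPLE_EVENTS = [
    ("2024-01-15T02:14:05", "alice", "timeout"),
    ("2024-01-15T02:14:40", "alice", "denied"),
    ("2024-01-15T02:15:10", "alice", "timeout"),
    ("2024-01-15T02:15:55", "alice", "timeout"),
    ("2024-01-15T02:16:30", "alice", "denied"),
    ("2024-01-15T02:17:02", "alice", "timeout"),
    ("2024-01-15T02:17:40", "alice", "approved"),  # accepted after the burst
    ("2024-01-15T08:00:00", "carol", "denied"),    # isolated denials, hours apart
    ("2024-01-15T09:00:00", "bob", "denied"),      # one mistake, then a real login
    ("2024-01-15T09:00:20", "bob", "approved"),
    ("2024-01-15T09:30:00", "carol", "denied"),
    ("2024-01-15T11:00:00", "carol", "denied"),
]

UNAPPROVED = {"denied", "timeout"}


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Return (user, kind, timestamp, count) alerts.

    "burst": a user reached `threshold` unapproved pushes inside `window`.
    "approved_after_burst": an approval arrived while such a burst was active.
    """
    pending = {}  # user -> timestamps of recent unapproved pushes
    alerts = []
    for ts_str, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        q = pending.setdefault(user, deque())
        while q and ts - q[0] > window:  # drop pushes older than the window
            q.popleft()
        if result in UNAPPROVED:
            q.append(ts)
            if len(q) == threshold:  # alert when the threshold is reached
                alerts.append((user, "burst", ts_str, len(q)))
        elif result == "approved":
            if len(q) >= threshold:  # highest priority: treat as compromise
                alerts.append((user, "approved_after_burst", ts_str, len(q)))
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The "burst" alert fires before any approval, which gives responders a chance to reset the credentials while the prompts are still being ignored.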
Human error is often overlooked in assessments of security posture, and it remains one of the most challenging vulnerabilities in cybersecurity. A study by Gartner found that roughly ¼ of data breaches are attributed to human mistakes. These errors can be as small and unintentional as leaving a laptop in a taxi, forgetting a smartphone on a restaurant table, or approving an MFA challenge out of habit when the request should have been denied. While these mistakes may not seem significant, the impact of an accidental MFA approval can be catastrophic to an organization that depends on multifactor security to prevent breaches.
As hackers become more strategic and the technology they use continues to improve, it is critical that organizations have a comprehensive plan to avoid data breaches that occur due to human error. Had something like Twosense software been integrated into these security systems, passive biometric authentication would have replaced the mobile-based push notification, leaving no opportunity for a user to make a mistake.
The fundamental pillar of Twosense is passive biometrics: the collection of behaviors or characteristics that are intrinsically part of who someone is. Passive biometrics are distinct from traditional biometrics like fingerprint scanners in that no participation is required by the user. The biometric data is passed into a cloud-based machine learning system that builds a model of each user’s behavior.
This would have allowed the behavior of the unauthorized user to be compared to the pre-existing model of the authorized user and would have prevented access to the account. The user would also have remained blissfully unaware of the attempts to use their account, which would have prevented them from granting access to the attacker.
Are you ready to go beyond 2FA? Let our team show you how Twosense can give you better security and a better user experience by scheduling your demo today.