Credential stuffing is increasing at a record pace. According to Okta's State of Secure Identity Report, 2022 has already delivered two of the largest credential stuffing attacks ever witnessed, and across all industries credential stuffing accounted for 34% of the platform's overall traffic (authentication events). That is not shocking if you have been paying attention to attack trends this year.
Attackers are increasingly targeting MFA itself, something Twosense has written about at length in our blogs here. In January, CEO and Co-Founder Dawud Gordon, Ph.D., called 2022 "the year of MFA bypassing", and Okta's recent report confirms it: alongside the rise in credential stuffing, Okta reports that the first half of 2022 saw a higher baseline of attacks against MFA than any previous year in its dataset.
This has played out publicly, most recently this month in the Uber breach, where social engineering got the attacker past a user's MFA. Several well-known firms and global brands have suffered breaches in which MFA bypass via social engineering was the step that opened the door to other sensitive data.
With MFA under this much pressure, it is imperative that organizations configure it correctly and choose their factors carefully. The report states it plainly: "As attackers become more sophisticated at targeting this important defensive measure, it's critical that MFA be implemented correctly, and that strong secondary factors are chosen."
While MFA bypassing is an insidious threat, having no MFA at all is worse. Okta and other prominent security firms have doubled down on the importance of deploying MFA everywhere, and at the same time they encourage a layered approach that strengthens MFA rather than relying on a single factor. Twosense Continuous MFA is built to bridge exactly that gap in identity security.
Adding passive biometrics as an MFA factor is one proactive measure. Unlike SMS codes and push notifications, passive biometrics give an attacker nothing to phish: there is no code to relay to a fake login page and no prompt for a fatigued user to approve. In practice that means passive biometrics can detect an attack, notify an admin, and stop a breach even after a traditional push MFA challenge has been passed by the attacker. Biometrics has long been a preferred authentication factor, and it saw a resurgence in popularity after the White House's January OMB memo (M-22-09) laid out its plan to move federal agencies to a zero trust architecture, including a requirement for phishing-resistant MFA.
Beyond factors, Okta's SSI Report also stresses continuously monitoring applications for signs of attack and for changes in attacker TTPs. Doing that by hand is a heavy lift for any security or IT team. Monitoring tools can help, but most of them look for unusual activity, and an attacker who holds valid admin credentials can look exactly like the authorized admin going about their day. Twosense Continuous MFA can detect a malicious user within one minute of their remoting into a machine with the Twosense agent installed, regardless of what that user is doing.
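The two attack patterns this post keeps coming back to, credential stuffing and MFA bypass by push prompts, both leave a signature in authentication logs that a monitoring rule can catch even though no single event looks unusual. The script below is an added example written for this post; it is not Twosense or Okta code and it does not model how Twosense scores behavior. The log format, the sample events and the thresholds are all constructed assumptions. It flags a source IP that tries many distinct accounts in a short window with mostly failures (stuffing), and a user who receives a burst of push prompts and then approves one (push fatigue, the pattern associated with the Uber incident).

```python
"""Added example: detection rules for credential stuffing and MFA push fatigue
over constructed authentication events. Log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real Okta/Auth0 output), one event per line:
# <ISO-8601 timestamp> <source IP> <username> <event>
SAMPLE_LOG = """\
2022-09-20T10:00:00Z 203.0.113.7  alice  password_fail
2022-09-20T10:00:01Z 203.0.113.7  bob    password_fail
2022-09-20T10:00:02Z 203.0.113.7  carol  password_fail
2022-09-20T10:00:03Z 203.0.113.7  dave   password_fail
2022-09-20T10:00:04Z 203.0.113.7  erin   password_fail
2022-09-20T10:00:05Z 203.0.113.7  frank  password_ok
2022-09-20T10:01:10Z 198.51.100.4 alice  password_fail
2022-09-20T10:01:25Z 198.51.100.4 alice  password_ok
2022-09-20T10:01:26Z 198.51.100.4 alice  mfa_push_sent
2022-09-20T10:01:40Z 198.51.100.4 alice  mfa_push_approved
2022-09-20T22:15:00Z 203.0.113.9  carol  password_ok
2022-09-20T22:15:01Z 203.0.113.9  carol  mfa_push_sent
2022-09-20T22:15:31Z 203.0.113.9  carol  mfa_push_sent
2022-09-20T22:16:01Z 203.0.113.9  carol  mfa_push_sent
2022-09-20T22:16:31Z 203.0.113.9  carol  mfa_push_sent
2022-09-20T22:17:01Z 203.0.113.9  carol  mfa_push_sent
2022-09-20T22:17:45Z 203.0.113.9  carol  mfa_push_approved
"""


def parse_log(text):
    """Parse the log into event dicts sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "ip": parts[1], "user": parts[2], "event": parts[3]})
    return sorted(events, key=lambda e: e["ts"])


def detect_credential_stuffing(events, window_s=60, min_users=5, min_fail_ratio=0.8):
    """Return source IPs that, within any window_s-second window, attempted at least
    min_users distinct accounts with a password-failure ratio >= min_fail_ratio.
    Distinct usernames is the key signal: one user mistyping a password never trips it."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] in ("password_fail", "password_ok"):
            by_ip[e["ip"]].append(e)
    flagged = set()
    for ip, evs in by_ip.items():
        for i, start in enumerate(evs):
            window = [e for e in evs[i:] if (e["ts"] - start["ts"]).total_seconds() <= window_s]
            users = {e["user"] for e in window}
            fails = sum(1 for e in window if e["event"] == "password_fail")
            if len(users) >= min_users and fails / len(window) >= min_fail_ratio:
                flagged.add(ip)
                break
    return flagged


def detect_mfa_fatigue(events, window_s=600, min_pushes=5):
    """Return {user: approved} for users sent at least min_pushes push prompts within
    window_s seconds. approved is True when the user accepted a prompt inside that
    window: the attacker already had the password and only needed one tired click."""
    pushes, approvals = defaultdict(list), defaultdict(list)
    for e in events:
        if e["event"] == "mfa_push_sent":
            pushes[e["user"]].append(e["ts"])
        elif e["event"] == "mfa_push_approved":
            approvals[e["user"]].append(e["ts"])
    flagged = {}
    for user, times in pushes.items():
        for i in range(len(times) - min_pushes + 1):
            first, last = times[i], times[i + min_pushes - 1]
            if (last - first).total_seconds() <= window_s:
                deadline = first + timedelta(seconds=window_s)
                flagged[user] = any(first <= t <= deadline for t in approvals[user])
                break
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("credential stuffing sources:", detect_credential_stuffing(evs))
    print("push fatigue targets (approved?):", detect_mfa_fatigue(evs))
```

Two caveats a practitioner would want: a corporate proxy or NAT legitimately presents many users from one IP, so the stuffing rule needs a higher `min_users` or a per-tenant allowlist there, and the fatigue rule only fires after the burst, which is why the post argues for a factor that keeps checking the session after the push is approved rather than treating the approval as the end of the story.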
By focusing on digital behavior, the Twosense cloud-based machine learning platform analyzes passive biometric data. Each time a user passes an MFA challenge, that user's model keeps learning and adapts to changing behavior. The more behavior it observes, the more confident Twosense can be that the user is who they claim to be. Once the model is mature, Twosense can validate the user's identity and establish a baseline of trust. That trust score is what authenticates the user continuously throughout the day, or flags behavior that departs from the baseline.
Twosense MFA comes in two tiers, deploys in three simple steps, and is invisible to the user. It requires no hard tokens, onboarding, or training. Attacks can unfold over months; reacting within one minute stops the problem before it can grow.
See how Twosense can increase the security posture of your organization by booking your demo now.