FBI Warns About Attacks That Bypass Multi-Factor Authentication

The US Federal Bureau of Investigation (FBI) last month sent a security advisory to private industry partners about the rising threat of attacks against organizations and their employees that can bypass multi-factor authentication (MFA) solutions. From a report: “The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks,” the FBI wrote in a Private Industry Notification (PIN) sent out on September 17. While nowadays there are multiple ways of bypassing MFA protections, the FBI alert specifically warned about SIM swapping, vulnerabilities in online pages handling MFA operations, and the use of transparent proxies like Muraen and NecroBrowser.