Identity Attacks Overtake Exploits as Top Ransomware Cause
Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise.
MFA reduces account takeover by requiring another proof of identity, limiting damage from stolen passwords; protect fallback and recovery paths too.
Search across headline titles and summaries.
Background for this topic.
MFA requires a user to prove identity with at least two different factor types: something they know, have, or are. It limits account takeover when a password is exposed, but protection depends on the factors and their implementation; two passwords are not independent factors, and a one-time code delivered by SMS is generally weaker than a phishing-resistant credential.
Attackers may steal or relay one-time codes through phishing, trigger repeated push prompts to induce approval, exploit weak enrollment or account-recovery processes, or hijack an authenticated session after MFA succeeds. Prefer phishing-resistant methods such as FIDO2/WebAuthn security keys or platform credentials for sensitive access, protect enrollment and recovery as strongly as login, restrict weaker fallbacks, and monitor unusual authentication activity. MFA reduces risk but does not replace endpoint, session, or privileged-access controls.
Weekly headline count for the current query.
Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise.
Two new phishing kits, Jalisco and OmegaLord, have been discovered in attacks targeting Microsoft 365 accounts, using techniques that defeat multi-factor authentication (MFA). [...]
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
Acquisition Adds MSP-Friendly PAM, MFA and SSO to Existing Identity Security ToolsBarracuda acquired Evo Security to add privileged access management, multifactor authentication and single sign-on to its security platform, creating an MSP-focused identity resilience offering designed to simplify protection for small and midsize businesses while automating identity management.
A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments. [...]
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA)
Financial institutions are putting their clients at risk in the name of convenience.
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]
One rule for the workers, another for execs
Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. [...]
Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. [...]
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search
Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security. [...]
Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party
Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]
Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]
Also, Kali365 Bypasses MFA, Silent Ransom Group Makes Office CallsThis week, active duty troops tracked, Kali365 bypassed MFA, Australian lawmakers phished on WhatsApp, Silent Ransom escalated IT scams, Lithuania and German hospitals disclosed breaches, pro-Russian infrastructure providers arrested, CISA warned of active LiteSpeed exploitation.
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile some researcher casually drops a technique that turns a "minor" foothold into total account
Fraudsters Tokenize Stolen Cards Into Attacker WalletsGoogle Threat Intelligence Group warned that Chinese-language phishing-as-a-service platforms are using AI, encrypted messaging and real-time OTP interception to bypass multifactor authentication and provision stolen payment cards into attacker-controlled digital wallets worldwide.
Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal the second factor: they just need the user to hand it over