Phishing attacks can be automated through a new penetration testing tool published by security researcher Piotr Duszyński. Modlishka is the name of the tool and it can bypass login operations for accounts protected by two-factor authentication (2FA).
Don Duncan, Security Engineer at NuData Security:
“While cybercriminals can get past two-factor authentication (2FA), this should only be one piece in the authentication stack and not the only one. This is why companies are using multi-layered authentication tools that can verify the legitimacy of a transaction from different angles. This way, if one of the layers is fooled by a bad actor, the other layers or tools can flag that activity. It is this in-depth defense that allows companies to provide an exceptional experience for customers while cutting out cybercriminals.”
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
