Phishing attacks can be automated through a new penetration testing tool published by security researcher Piotr Duszyński. Modlishka is the name of the tool and it can bypass login operations for accounts protected by two-factor authentication (2FA).
Don Duncan, Security Engineer at NuData Security:
“While cybercriminals can get past two-factor authentication (2FA), this should only be one piece in the authentication stack and not the only one. This is why companies are using multi-layered authentication tools that can verify the legitimacy of a transaction from different angles. This way, if one of the layers is fooled by a bad actor, the other layers or tools can flag that activity. It is this in-depth defense that allows companies to provide an exceptional experience for customers while cutting out cybercriminals.”