Cybersecurity tip of the day: 2FA is no longer enough if your 2FA uses an email account for the OTP -- you need the entire chain to be 2FA and at some point for there to be a true out-of-band channel (mobile, passkey, hard token, etc.)
The AI-driven attack I'm tracking is a mass compromise of email, starting with 1FA accounts and using that to move on to 2FA accounts.
This AI attack represents a first-of-its kind in the world -- weaponized AI is actively driving this attack...on a global scale.
Currently, first-level targets are 1FA protected accounts for large suppliers (millions of users). Compromised accounts are used to go after 2FA accounts that are linked to them. Lather, rinse, repeat...wipe hands on pants.
@ATXJane The scale and *remarkable* subtlety of this thing is amazing. I'm not sure that anyone else even knows that they're under attack.
I’d appreciate hearing more about it. Can’t say that I’m surprised though.
@ATXJane Happy to provide any info I can. I gave some of the details in the thread, but to elaborate:
The attack is designed to fly under the radar - it's very difficult to detect and actively avoids mitigating controls like account lockout, etc.
When an account is compromised, one of the first things we see is for the attack to shift to IMAP to go through emails in the account looking for 2FA PINs...and then hitting those accounts.
@Nikto
Yikes. 😳