
CISA issues warning that Russian hackers are bypassing two-factor authentication

2FA is good, but not perfect.


Two-factor authentication (2FA) can be an important part of keeping your accounts and data secure, but it's not without its drawbacks. As if existing threats were not enough, we are now learning how Russian state-sponsored hackers are undermining authentication on supposedly secure systems and disguising their access as that of legitimate account holders.

Back in May 2021, hackers used accounts associated with an unnamed non-governmental organization (NGO) to gain access to sensitive data, according to a new report from the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA). Weak passwords and a long-inactive account did not help the victims here: the attackers were able to get into the old account, activate it and enroll it in 2FA. Once the system treated the hacked account as legitimate, the attackers could run rampant, and they did so by exploiting the severe Windows Print Spooler "PrintNightmare" vulnerability.


PrintNightmare surfaced last summer and is a fairly serious vulnerability that exposes Windows systems to arbitrary code execution. Once a system is compromised, the attacker can do almost anything they want with full system-level permissions. While the incident we're reviewing today didn't reveal any new vulnerability in 2FA itself, it makes clear that system hygiene is everything. Whether you're setting up accounts on a new Galaxy S22 or you're an administrator managing an entire NGO network, good password practice and deleting old, unused accounts are two particularly important steps in keeping systems secure.
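The hygiene point above can be checked from authentication logs. The following is an added example, not code from the article or from the CISA report: it flags accounts that have gone unused and 2FA enrollments that happen right after a long-idle account becomes active again. The event format, user names and both thresholds are assumptions.

```python
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=90)   # assumed dormancy threshold
ENROLL_WINDOW = timedelta(hours=24)  # assumed window after an idle account wakes up

T = datetime.fromisoformat
# Constructed sample events (time, user, action); all names are hypothetical.
EVENTS = [
    (T("2021-03-01T09:00"), "alice", "login"),
    (T("2021-03-01T09:05"), "alice", "mfa_enroll"),
    (T("2021-05-10T08:30"), "alice", "login"),
    (T("2020-06-01T10:00"), "old_svc", "login"),
    (T("2021-05-12T02:14"), "old_svc", "login"),
    (T("2021-05-12T02:20"), "old_svc", "mfa_enroll"),
    (T("2020-11-02T16:45"), "bob", "login"),
]
NOW = T("2021-05-20T00:00")


def audit(events, now):
    """Return (user, finding, timestamp) tuples for review."""
    last_seen, woke_at, findings = {}, {}, []
    for ts, user, action in sorted(events):
        prev = last_seen.get(user)
        # An account "wakes up" when activity resumes after a long gap.
        if prev is not None and ts - prev > DORMANT_AFTER:
            woke_at[user] = ts
        # A second factor enrolled shortly after waking deserves a manual check.
        if (action == "mfa_enroll" and user in woke_at
                and ts - woke_at[user] <= ENROLL_WINDOW):
            findings.append((user, "mfa_enrolled_after_dormancy", ts))
        last_seen[user] = ts
    # Accounts still idle today are candidates for disabling or deletion.
    for user, ts in last_seen.items():
        if now - ts > DORMANT_AFTER:
            findings.append((user, "dormant_account", ts))
    return findings


if __name__ == "__main__":
    for user, finding, ts in audit(EVENTS, NOW):
        print(f"{ts:%Y-%m-%d %H:%M}  {user:8} {finding}")
```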

As the BBC reported in February, almost three-quarters of ransomware money ends up in the coffers of hackers with ties to Russia alone. If there is a way to compromise a system for profit or to gain knowledge, chances are good that someone, either alone or with government support, is already working on a way in (assuming they haven't found it yet). We just need to stay vigilant and keep up with device updates.


About the author


Steve Huff (60 articles published)

Steve is the weekend news editor for Android Police. Previously, he was Associate Digital Editor for Maxim magazine and has written for Inside Hook, Observer and New York Mag. He is the author of two official spin-off books for AMC's hit Breaking Bad prequel, Better Call Saul.
