Digital Security is it as safe as they say it is?
“Most companies that use MFA are still successfully hacked.” — Roger Grimes, 2018
Digital security is globally accepted as the ‘resources employed to protect your online identity, data, and other online assets’.
The global pandemic radically changed the digital landscape, forcing a majority of employees to adopt the ‘work from home’ model. This increased the number of people requiring remote access to their networks. Corporates invest heavily in physical security infrastructure, software applications and predominantly multi-factor technology to secure digital capital.
‘2MFA’* is based on something a person knows (password), something that they have (device) and or something they are (biometrics). However, most, if not all the companies that have been compromised, use MFA technology.
Synapser has revolutionised the 2MFA technology paradigm with their flagship product Entry; this application is a mobile device based, multi-factor authentication system which turns the user’s phone into the “password” authenticator and can be integrated with software applications.
As we saw in July 2021, Kaseya VSA (Virtual System Administrator), the newest version of their remote monitoring and management (RMM) solution for managed service providers, was hit by a Zero-Day **supply chain attack. The cyber-criminals exploited a vulnerability within the credential disclosure and business logic code, (CVE-2021-30116).
Hackers intercept usernames, passwords, OTP and 3rd party generated tokens which are unknowingly deemed as valid by the system, ultimately allowing the burglar into the house, so to speak. Additionally, SIM swapping leaves users entirely vulnerable as any future SMS for authentication will be received by the thief.
Entry uniquely creates proprietary DNA to identify the user’s device, so no password, 3rd party token or One Time Pin is required. SIM swapping is no longer a threat, as the application DNA will not correspond in any way, effectively rendering the device inoperative. Entry further verifies that the user registered and authorised by the system is the same user requesting access. Every transaction on the platform uses this uniquely developed technology, ensuring a secure means of access and interaction by the user to specified systems, networks, applications and or websites.
This level of security is unprecedented, adding layers of protection for the user and the systems they are authorised to access. The dynamic token is never revealed at any stage of engagement, so it cannot be shared, coerced from the user, stolen by over the shoulder copying or hackers. All personal information is stored in Synapser’s Virtual Private Cloud, with additional encryption, thereby providing full compliance to stipulated regulations.
Synapser’s mission is to provide a safe and trusted digital site of operation.
Entry is integrated with all modern technology platforms and will appeal to all industry settings.
Notes:
* Multi-factor authentication is an electronic method in which a user is granted access to a website or application, only after successfully presenting two or more pieces of evidence to an authentication mechanism.
** In a supply chain attack, an attacker goes after a trusted vendor or product instead of attacking their targets directly.
References:
https://www.tenable.com/cve/CVE-2021-30116
https://www.varonis.com/blog/revil-msp-supply-chain-attack/
https://www.varonis.com/blog/solarwinds-sunburst-backdoor-inside-the-stealthy-apt-campaign/
Articles of interest:
https://portswigger.net/web-security/authentication
https://theconversation.com/can-i-still-be-hacked-with-2fa-enabled-144682