Cyberattack Workarounds Overcoming MFA: What You Can Do to Ensure Data Resiliency Even If Ransomware Gets In

JULY 11TH, 2023

If you’re like most other IT pros, doing everything possible to fight against cyberattacks and ransomware and ensure data resiliency is probably your first priority.

One step in that direction is the adoption of multifactor authentication (MFA). According to a recent Okta survey, 64 percent of users are authenticated using MFA as of January 2023, and MFA is used by 90 percent of administrators. 

That’s why this recent PCMag headline caught our eye: “Has Multi-Factor Authentication Failed Us?” The article’s subhead explains that, even with the growth of MFA, data breaches continue to increase. A recent survey from Check Point Software proves the point, finding that global attacks rose seven percent in the first quarter of 2023, with each organization surveyed facing an average of 1,248 attacks per week.

MFA: Your First Line of Defense

First and foremost, we firmly believe that MFA is a valuable tool for ensuring data resiliency. But it isn’t perfect. 

The PCMag article refers to the Verizon 2023 Data Breach Investigation Report, which found that 83 percent of attacks involve the human element. That comes into play as individuals and admins can be tricked, and vulnerabilities can be exploited even when MFA is being used.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory that affirms that MFA is one of the most essential cybersecurity practices you can employ to reduce the risk of intrusions, noting that users who enable MFA are 99 percent less likely to have an account compromised. 

MFA Can Be Exploited

The CISA advisory also shares a telling story of an MFA exploit from May of last year. It describes how Russian state-sponsored cyber actors gained network access at a non-governmental organization (NGO) by taking advantage of a misconfigured account set to default MFA protocols.

That allowed the hackers to enroll a new device for MFA and access the victim's network. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges. That enabled access to cloud and email accounts for document exfiltration.

Another attack involving MFA protections for a Sitel customer service agent account occurred in January 2022. The Okta Security team was alerted that a new factor was added to a Sitel customer support engineer's Okta account. While the problem began with Sitel, Okta estimated that nearly 1,000 credentials across more than 130 companies were stolen directly from companies or through subsequent breaches.

And in September 2022, an Uber EXT contractor’s account was compromised by what’s called “MFA Fatigue.” That’s where the hacker keeps prompting the user to approve the authentication until they simply OK the request to make it disappear. According to Uber, it worked, with the attacker accessing several other employee accounts—which ultimately gave the attacker elevated permissions to several tools, including G-Suite and Slack.
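The repeated-prompt pattern described above, and the new-factor enrollment seen in the CISA and Okta cases, both leave traces in authentication logs. The sketch below is an added example, not code from the original article or from any vendor; the event names, thresholds, and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; adjust to your own prompt volumes.
WINDOW = timedelta(minutes=10)        # look-back for repeated denied prompts
THRESHOLD = 5                         # denied prompts preceding an approval
ENROLL_GRACE = timedelta(minutes=30)  # enrollment soon after a flagged approval

# Constructed sample events (ISO time, user, event). Event names are
# hypothetical, not any identity provider's real log schema.
SAMPLE = (
    [(f"2023-07-11T02:0{m}:00", "alice", "push_denied") for m in range(6)]
    + [("2023-07-11T02:06:00", "alice", "push_approved"),
       ("2023-07-11T02:15:00", "alice", "factor_enrolled"),
       ("2023-07-11T09:00:00", "bob", "push_denied"),    # one mistaken denial
       ("2023-07-11T09:01:00", "bob", "push_approved"),
       ("2023-07-11T09:05:00", "bob", "factor_enrolled")]
    + [(f"2023-07-11T1{h}:00:00", "carol", "push_denied") for h in range(5)]
    + [("2023-07-11T15:00:00", "carol", "push_approved")]  # denials too spread out
)

def detect(events, window=WINDOW, threshold=THRESHOLD, grace=ENROLL_GRACE):
    """Return alerts as (timestamp, user, kind) tuples in time order."""
    denied = defaultdict(deque)  # user -> times of denied prompts in window
    flagged = {}                 # user -> time of last flagged approval
    alerts = []
    parsed = sorted((datetime.fromisoformat(t), u, e) for t, u, e in events)
    for ts, user, event in parsed:
        recent = denied[user]
        while recent and ts - recent[0] > window:  # expire old prompts
            recent.popleft()
        if event == "push_denied":
            recent.append(ts)
        elif event == "push_approved":
            if len(recent) >= threshold:
                alerts.append((ts.isoformat(), user, "approval_after_prompt_flood"))
                flagged[user] = ts
            recent.clear()  # an approval ends the current prompt sequence
        elif event == "factor_enrolled":
            since = flagged.get(user)
            if since is not None and ts - since <= grace:
                alerts.append((ts.isoformat(), user, "factor_enrolled_after_flood"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Only the constructed "alice" sequence is flagged: a single mistaken denial followed by an approval, or denials spread over hours, does not reach the threshold inside the window.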

Why You Need to Add a Last Line of Defense

Once an attacker gets into your systems, they can wreak havoc. The first response is to shut down networks and systems to prevent further exploitation and start recovery. But that is a very costly decision. 

The Uptime Institute’s 2022 Outage Analysis found that 80 percent of data center operators and managers had experienced some type of outage in the past three years. And most organizations can only guess how much that downtime costs in dollars and damage to their reputations, until it happens. Meanwhile, an IBM study found that the average cost of a data breach in the United States is $9.44 million.

Add it all up, and it’s clear that a comprehensive approach to data resiliency is your best bet for overcoming vulnerabilities, whether they result from hacker MFA workarounds or a successful ransomware attack.

That includes adhering to the 3-2-1-1 backup strategy, with one copy of your backups in immutable storage, a write-once-read-many-times format that can't be altered or deleted. And unlike data encryption, there is no key, so there shouldn't be any way to "read" or reverse the immutability. An immutable copy of your data is impervious to ransomware infections.

Arcserve gives you plenty of proven options that add a last line of defense to ensure your data is always safeguarded, resilient, and recoverable.

Unified Data Protection: Protection, Prevention, and Recovery

It takes a comprehensive approach to data protection to ensure data resiliency. That’s precisely what Arcserve Unified Data Protection (UDP) delivers, with an all-in-one data solution that neutralizes ransomware attacks, makes it easy to restore your data, and performs effective disaster recovery.

Arcserve UDP is safeguarded by Sophos Intercept X Advanced cybersecurity, uniquely combining deep-learning server protection, immutable storage, and scalable onsite and offsite business continuity for multilayered, complete IT resiliency, protecting against data loss and extended downtime across your cloud, local, virtual, hyperconverged, and SaaS workloads.

With Arcserve UDP, you can reduce your downtime from days to minutes and validate recovery time and recovery point objectives (RTOs/RPOs) and service-level agreements (SLAs) with automated testing and granular reporting.

Some MFA breaches have resulted in ransomware, including an attack on Cisco. Arcserve UDP ensures your backups are protected when saved in immutable format, thanks to support for Amazon S3 Object Lock in the cloud and onsite and offsite immutable storage, including integration with Arcserve OneXafe immutable network-attached storage appliances. 

Talk to the Data Resilience Experts

Besides serving customers, Arcserve Technology Partners spend their days staying up-to-date on the latest threats, vulnerabilities, and technologies that ensure data resiliency. 

Take advantage of their experience by choosing an Arcserve partner here. To learn more about Arcserve UDP, request a demo.
