There has been a recent surge in cyber attacks which dodge past multi-factor authentication (MFA) security measures, putting data center systems at risk. The challenge for data centers lies in the need to align with an overall enterprise security strategy that may hold onto legacy MFA protocols and the need to progress past traditional MFA to meet the unique security needs of data centers.
In August, attackers tricked a Cisco employee into accepting an MFA request, and were able to access critical internal systems.
Related: Software Bill of Materials: Managing Software Cybersecurity Risks
In September, attackers bought the password of an Uber contractor on the dark web, and repeatedly tried logging in the stolen credentials, Uber reported. At first, the login attempts were blocked by MFA, but eventually the contractor accepted the request and the attackers got in. They were able to access a number of company tools, including G-Suite and Slack.
More embarrassingly, in August, attackers were able to compromise Twilio’s widely-used MFA service. They did so by tricking multiple Twilio employees into sharing their credentials and MFA authorizations. More than a hundred Twilio customers were compromised, including Okta and Signal.