Major bank hacks and the growth of the Internet of Things make the process essential
Although many of us use two-factor authentication (2FA) in some aspects of our security, a lot of people are slow to realize just how important it is – and how important it will be in the near future.
One growing and very concerning security problem is that of bank hacking. CNN reported earlier this month that, “North Korea-linked hackers are attacking banks worldwide,” and that “North Korea’s hacking operations are growing and getting more bold…increasingly targeting financial institutions worldwide.”
Banks in 18 countries were targeted, with the regime reportedly seeking funds for its military programs.
Also early in April came news of an ‘unprecedented’ hack of a Brazilian bank. The Russian security firm Kaspersky, which also investigated the North Korean hacks, documented what Wired described as “wholesale bank fraud, one that essentially hijacked a bank’s entire internet footprint.”
For five hours, online customers of the bank were rerouted to expertly reconstructed fake sites, where bank details were unwittingly entered. However, two-factor authentication, also known as 2-step verification, could have prevented the whole thing.
‘Well beyond’ the username and password days
TechDigg spoke to the security firm Authy, which provides a free 2FA app for use with Facebook, Google and Dropbox among many others.
Authy believes attacks in markets like Latin America tend to be practice runs to go after the bigger targets in the US or Europe.
“It’s time for banks to wake up and accept that passwords alone aren’t sufficient for protecting either customer or employee accounts. Without two-factor authentication, it’s not a question of if, but when attackers will break through,” the company told TechDigg.
Authy explains that while the Brazilian bank attack was among the most sophisticated attacks to occur in recent times, it could have been prevented simply by implementing or activating two-factor authentication to secure access to the bank’s DNS accounts.
“If the thieves had never gotten control of the bank’s domain, the rest of the heist – the fake bank, the spearphishing, the account takeover, etc. – could never have happened,” said Authy, which provides 2FA to both individuals and businesses.
The company added that we are “well beyond” the days where security can be trusted to a static password and username. But that doesn’t mean the solution has to be over-complex.
In the case of the Brazilian bank attack, a simple one-time password (OTP) or push authentication could have alerted the DNS administrators to the fraudulent access before the cybercriminals got access to everything, experts noted.
The company told TechDigg that: “2FA dramatically improves upon traditional account security – a lone username and password – in adding an additional layer of authentication, delivered through a push notification, SMS, or voice call directly to the legitimate user’s device.
“This is important not just for the initial login, but step up security once a user gains access to an entire system and attempts to perform a high-risk action (such as changing the DNS infrastructure).”
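The step-up check described above, as an added example (not code from the article, TechDigg or Authy): a standard RFC 6238 one-time-password verifier that gates high-risk DNS actions inside an already logged-in session and records denied attempts for the administrators. The class name, action names and secret are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class StepUpGate:
    """Hypothetical gate: a valid session is not enough for high-risk actions."""
    HIGH_RISK = {"change_nameservers", "edit_dns_record", "transfer_domain"}

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window      # tolerated clock drift, in time steps
        self.last_used = -1       # last accepted step, blocks code replay
        self.alerts = []          # (user, action, unix_time) for administrators

    def authorize(self, user, action, code=None, now=None) -> bool:
        now = time.time() if now is None else now
        if action not in self.HIGH_RISK:
            return True
        current = int(now) // STEP
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_used or code is None:
                continue
            expected = totp(self.secret, step * STEP)
            if hmac.compare_digest(expected.encode(), str(code).encode()):
                self.last_used = step
                return True
        # Denied: record it so the legitimate administrators hear about it.
        self.alerts.append((user, action, int(now)))
        return False

if __name__ == "__main__":
    gate = StepUpGate(b"12345678901234567890")  # constructed secret (RFC test key)
    print(gate.authorize("admin", "view_zone", now=59))                     # True
    print(gate.authorize("admin", "change_nameservers", now=59))            # False
    print(gate.authorize("admin", "change_nameservers", "287082", now=59))  # True
    print(gate.alerts)
```

A password-only session can still read the zone, but the nameserver change is refused and logged until a fresh code from the administrator's device is presented.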
2FA and the Internet of Things
If increasingly sophisticated bank hacking is one concern that looms large on the horizon, then another is the growing Internet of Things (IoT).
Widely interconnected devices and services, including eventually most or all devices in the home, are a hugely helpful and exciting development, and should of course be no more feared than any other technological advancement.
It does, however, mean that as more things are online, connected and accessible, there are more entry points for hackers. Gaining entry through just one of those points could also mean access to vastly more information than it has in the past.
Using 2FA wherever possible closes off more and more entry points to potential attackers.