Businesses are increasingly adopting security measures, from passkeys to multifactor authentication (MFA), to safeguard sensitive information and bolster their cybersecurity. However, it’s crucial for security teams to acknowledge that these measures may not provide comprehensive protection for user data.
As enterprises implement new defenses to secure their networks, cybercriminals are simultaneously evolving their tactics to bypass these barriers. They are employing techniques like session hijacking and account takeover to circumvent passkeys and MFA, gaining unauthorized access to corporate systems. This is exacerbated by the fact that these tactics are largely facilitated by malware, which poses a significant challenge to security efforts.
Malware operates swiftly and discreetly, pilfering substantial amounts of accurate authentication data, including personally identifiable information (PII) such as login credentials, financial details, and authentication cookies. Some malware is even beginning to target local key vaults, like those managed by password managers, many of which have implemented passkey solutions. Last year, there were over 4 billion attempted malware attacks, making it the preferred method for cyberattacks. Moreover, SpyCloud’s “2023 Annual Identity Exposure Report” revealed that more than 22 million unique devices fell victim to malware, with the stolen data finding its way to criminal networks for use in various attacks.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: