Two-Factor Authentication Archives - Cyber Security News
https://cybersecuritynews.com/tag/two-factor-authentication-2/
World's #1 Premier Cybersecurity and Hacking News Portal
Mon, 14 Oct 2024 10:04:41 +0000

Hackers Selling ProKYC Tools To Bypass Two-Factor Authentication
https://cybersecuritynews.com/hackers-selling-prokyc-tools-to-bypass-two-factor-authentication/
Mon, 14 Oct 2024 10:04:35 +0000

2FA enhances security by requiring two distinct forms of identification before granting access to an account or service.

Though 2FA reduces the risk of unauthorized access, it’s not completely error-free.

Recently, the security researchers at Cato CTRL identified that the threat actor ProKYC has been selling tools to bypass two-factor authentication.

ProKYC is a sophisticated deepfake tool being marketed in cybercriminal underground forums. The toolkit is designed to evade the two-factor authentication (2FA) and KYC verification systems used by cryptocurrency exchanges.

The tool leverages advanced AI to generate both forged government-issued documents and manipulated facial recognition videos, which enables threat actors to create fake identities.

Hackers Selling ProKYC Tools

What makes ProKYC particularly concerning is its “dual-capability” system. 

It first produces high-quality fake documents (like “Australian passports”) with AI-generated faces complete with authentic-looking security features (“overlaid official stamps”).

Dark web shop selling counterfeit documents (Source – Cato CTRL)

Then it creates convincing deepfake videos that can pass dynamic facial recognition challenges requiring specific head movements. 

These fake identities facilitate new account fraud (NAF), which caused $5.3 billion in losses in 2023 (up from $3.9 billion in 2022).

The tool specifically targets “multi-factor authentication systems” that combine something you have (“ID documents”), something you know (“passwords”), and something you are (“biometric verification“). 

According to the report, during the verification process the ProKYC actors intercept the genuine webcam input and replace it with pre-generated deepfake videos.

This helped them to successfully bypass the security measures on platforms like “ByBit exchange,” despite minor visual artifacts in the fake videos. 

This automated approach also represents a significant evolution from traditional document forgery methods: it enables the real-time creation of synthetic identities for large-scale money laundering operations and mule account creation.

Digital forensics experts point to several markers of manipulated content that aid deepfake detection, such as abnormally high-resolution images (typically exceeding 4K) or videos (60+ FPS), and inconsistencies in facial feature movements.

To combat these evolving threats, organizations are implementing multi-layered security approaches (“HUMINT gathering,” “OSINT monitoring,” and “advanced threat detection systems that employ ML algorithms”). 

These systems analyze ‘behavioral biometrics,’ ‘device fingerprinting,’ and ‘network pattern analysis’ to identify potential security breaches. 

Moreover, organizations are also incorporating ‘Zero Trust Architecture principles,’ while maintaining robust “SIEM” systems to monitor and respond to suspicious activities in real-time.

WordPress To Mandate 2FA for Theme And Plugin Developers
https://cybersecuritynews.com/wordpress-2fa-mandate/
Thu, 12 Sep 2024 14:09:39 +0000

Beginning on October 1st, 2024, WordPress will mandate two-factor authentication (2FA) for plugin and theme creators as a new security measure.

Themes and plugins that are used by millions of WordPress websites worldwide can be updated and changed by accounts that have commit access. 

To stop illegal access and preserve the security and confidence of the WordPress community, these accounts must be kept secure.

Two-factor authentication serves as an additional layer of defense to prevent unauthorized third parties from accessing your accounts.

Configuring Two-Factor Authentication

Set Up A Security Key

When logging into your WordPress.org account, security keys offer an extra degree of protection by utilizing digital cryptography, hardware keys, or biometrics. 

  • Go to your profile at https://profiles.wordpress.org/me/profile/edit/.
  • Click on the Account & Security tab.
  • Click Two-factor security key.
  • Click Register new key.
  • Input a key name in the Name field and click Register.
  • Follow the steps specific to your browser to add your security key.

Set Up A Time-Based One-Time Password (TOTP)

Time-Based One-Time Passwords (TOTPs) are temporary codes created by an authentication app on your mobile device. These codes are used to confirm your identity when logging in. They change every 30 seconds.

  • Visit your profile at https://profiles.wordpress.org/me/profile/edit/.
  • Click on the Account & Security tab.
  • Click Two-factor app.
  • Scan the QR code with your authenticator app.
  • If you cannot scan the QR code, click the “Can’t scan the QR code?” link to get a one-time code to enter into your authenticator app.
  • A six-digit number code will appear in your authenticator app. Type the code in the field provided.
  • Click Enable.

Generate Backup Codes

When you lose access to the configured app or second-factor security key, you can utilize backup codes, which are one-time use codes. 

  • Visit your profile at https://profiles.wordpress.org/me/profile/edit/.
  • Click on the Account & Security tab.
  • Click Two-factor backup codes.
  • Ten backup codes will be generated.
  • Print, copy, or save the backup codes.
  • Check the “I have printed or saved these codes” checkbox.
  • Click All Finished.

“If you have access to any of our internal tools, are a committer, plugin author, theme author, manage WordCamp websites, or have any other trusted role you should have two-factor authentication enabled,” reads the notification.

Some access / capabilities which are assigned to your account may be limited if you do not have two-factor enabled.

It is also mentioned that due to technical constraints, 2FA cannot be applied to code repositories that already exist.

Consequently, a combination of high-entropy SVN passwords, deploy-time security features (like Release Confirmations), and account-level two-factor authentication has been used.

Introducing SVN Passwords

In addition to required 2FA, WordPress.org announced the introduction of SVN passwords, which replace your user account password with an SVN-specific password when committing changes.

This password works similarly to a user account password or application password. It shields your primary password from attackers and makes it simple to revoke SVN access without requiring you to change your WordPress.org credentials. 

Therefore, WordPress.org recommends that two-factor authentication be set up for everyone. Along with offering several advantages, this extra layer of security will aid in preventing security breaches.

Hackers Using OTP Bots To Bypass Two-Factor Authentication
https://cybersecuritynews.com/hackers-otp-bots-bypass-2fa/
Tue, 11 Jun 2024 07:49:08 +0000

Two-factor authentication (2FA) is a security method that requires two verification steps for user access and is commonly implemented with one-time passwords (OTPs) delivered via various channels. 

To bypass 2FA, attackers leverage social engineering to trick users into revealing OTPs and utilize tools to automate these manipulations, including OTP bots and phishing kit administration panels. 

OTP (One-Time Password) and TOTP (Time-Based One-Time Password) are both methods used for securing authentication processes, but they differ in how they generate the temporary passwords.

OTPs are passwords that are valid for only one login session or transaction, typically sent to a user via SMS or email.

In contrast, TOTP is a specific type of OTP that is time-based, generating a new password at fixed intervals (usually every 30 seconds) using an algorithm and a shared secret key. While OTPs can be triggered in various ways, TOTPs rely on the current time and are commonly used in two-factor authentication apps.

OTP bots are malicious software designed to steal the one-time passwords (OTPs) used for two-factor authentication (2FA). Attackers first obtain a victim’s login credentials and use them to trigger an OTP on the victim’s phone.

A list of features offered by a certain OTP bot

The bot then calls the victim with a social engineering script to trick them into revealing the OTP over the phone and the attacker receives the OTP through a control panel and uses it to gain access to the victim’s account. 

Available OTP bot subscription plans

The OTP bot utilizes a subscription service with various tiers, paid in cryptocurrency. After acquiring victim credentials, the scammer sets up a call by selecting an impersonation category (bank, email service, etc.) and manually entering the specific organization name, victim’s name, and phone number. 

Optionally, the last four digits of the victim’s card can be added for social engineering, and advanced call customization options are available. 

Advanced call options

The bot is designed to bypass two-factor authentication and is configured for a phishing attack. The attacker can specify the organization’s phone number to be displayed on the victim’s caller ID and choose a language and voice (including regional variations) for the bot to use during the call.

The bot can also detect voicemail and hang up automatically. To further customize the attack, the attacker can import their own scripts to impersonate specific organizations not included in the bot’s pre-built options. 

The option to specify the organization’s official phone number

Scammers often rely on phishing scams to steal a victim’s login credentials by tricking users into entering their login information on fake websites that mimic legitimate ones. 

Phishing attacks can target various personal details, and scammers may exploit this by harvesting additional data, like email addresses and passwords, during the initial login attempt. 

A sign-in form that imitates an online bank

This stolen information, combined with an automated one-time password (OTP) bypass bot, can grant scammers access to multiple accounts linked to the victim’s email or phone number, potentially causing significant damage. 

Phishing site that imitates the online bank sign-in page

Phishing kits are evolving to steal one-time passwords (OTPs) in real time, bypassing 2FA. Scammers use an admin panel to control a phishing website that mimics a bank login; once a victim enters their credentials, the scammer can see them through the panel and use them to log in to the real bank website.

The phishing site then prompts for the OTP, which the scammer can steal and use to complete the login and potentially steal the victim’s money. SecureList identified over 1200 phishing pages and nearly 70,000 attempted visits to these sites in May 2024.
