Protecting Your Identity: Is MFA Enough?

Many organisations rely on multi-factor authentication (MFA) for identity security. But, while MFA provides an extra layer of security, it’s not enough to secure credentials, often creating a false sense of security.

As an example, a new threat from cybercriminal group, Lapsus$ Group, appeared on the FBI's most-wanted list in March 2022, with one attack vector standing out: identities compromised with Infostealer Malware. In most cases, when the infection goes unnoticed, this malware obtains credentials saved in victims’ browsers. Hours, days, or years later, credentials to corporate or personal infrastructures are obtained by threat actors, who are able to seamlessly hijack sessions undetected, by appearing as an employee.

In this on-demand webinar, drawing from his experience as a former member of an elite Russia-based hacking group, Dmitry Smilyanets shares real-world examples of the techniques threat actors use to get around MFA, and what you can do to thwart their efforts and protect identities within your organisation.