
Threat Actors Behind MFA Bypass Service ‘OTP Agency’ Plead Guilty to Fraud

The criminal prosecution of the threat actors behind the “OTP Agency” has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication.

The OTP Agency launched back in November of 2019. Their service was simple: if you had a compromised credential, the service would call the credential owner, pose as the website the account belonged to, cite fraudulent activity, and ask the owner to verify themselves by providing the one-time password (OTP) sent to them via SMS.

In actuality, the threat actor would be logging on at the same time the call was placed so that, when the owner was prompted to provide the OTP, the Agency would obtain it and hand it over to the threat actor to complete their login.

OTP Agency charged a fee based on the type of site the threat actor wanted to access. £30 a week got you access to banking sites, whereas £380 a week got you access to Visa and Mastercard verification sites.

According to a recent statement by the U.K.’s National Crime Agency, three U.K. residents aged 19-22 were arrested and pleaded guilty to fraud.

The simplicity of their service demonstrates how easily and quickly someone can get into the cybercrime game. And, based on their 5-year run, it also makes the case that users fall for this consistently – a clear reason why organizations need to enroll their employees in new-school security awareness training to educate them on techniques like the ones employed by OTP Agency and others, keeping credentials and the resources they provide access to secure.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.



https://blog.knowbe4.com/threat-actors-behind-mfa-bypass-service-otp-agency-plead-guilty-to-fraud





