New attack techniques bypass 2FA protection
Two-factor authentication (2FA) has long been considered an effective defense against phishing attacks. However, cybercriminals have refined their methods and are using new techniques to gain access to networks and devices despite 2FA. Companies must therefore adapt their security strategies to ensure they are prepared to defend against modern attack methods.
Why is phishing still successful despite 2FA?
Modern phishing methods bypass two-factor authentication by directly intercepting login credentials and session tokens. Particularly dangerous types of attacks include:
- Browser-in-the-browser attacks: Fake login windows trick users and forward their login credentials to attackers.
- Evilginx phishing: A man-in-the-middle attack in which the hacker positions themselves between the user and the server and intercepts the authentication credentials.
- Device code phishing: Attackers pose as IT support staff and convince victims to log in to a legitimate website, thereby granting the attacker access.
Such attacks allow criminals to steal access tokens, which eliminate the need for re-authentication. This gives them permanent access to corporate networks and cloud services.
How can companies protect themselves?
1. Implement Passkey and FIDO2 authentication
- FIDO2 and passkeys replace traditional passwords with cryptographic key pairs.
- Keys are tied to the provider's domain, so fake login pages won't work.
- Password theft is not possible because private keys never leave the device.
2. Step up security awareness and training
- Employee training must address current phishing methods.
- Simulated phishing campaigns help make the danger tangible.
- Raise awareness of social engineering attacks, particularly in the IT support sector.
3. Use SIEM and SOC for attack detection
- Security Information and Event Management (SIEM) collects log data and detects suspicious activity.
- The Security Operations Center (SOC) monitors in real time and blocks attacks immediately.
- Security Orchestration, Automation, and Response (SOAR) automates defensive measures.
4. Managed security services for small and medium-sized businesses
- Many small and medium-sized businesses do not have the resources to maintain their own SOC; this is where Managed Detection and Response (MDR) services can help.
- Specialized analysts monitor suspicious activity and provide recommendations for action.
- MDR services offer a level of security comparable to that of large corporations, but without the high internal overhead.
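The domain binding described under point 1 can be seen in the checks a relying party runs on a WebAuthn login response. The following is an added example, not code from the original article; the RP ID, origins, challenge and sample data are constructed, and signature verification is left out.

```python
import base64
import hashlib
import json
import struct

RP_ID = "login.example.com"                      # assumed relying-party ID
ALLOWED_ORIGINS = {"https://login.example.com"}  # assumed legitimate origin


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion(client_data_json, authenticator_data, expected_challenge):
    """Return the names of failed binding checks (empty list means all passed)."""
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("type")
    if client.get("challenge") != b64url(expected_challenge):
        errors.append("challenge")
    # The browser fills in the origin it actually loaded; the page cannot set it.
    if client.get("origin") not in ALLOWED_ORIGINS:
        errors.append("origin")
    if len(authenticator_data) < 37:
        return errors + ["authenticator_data_length"]
    # authenticatorData layout: 32-byte SHA-256 of the RP ID, 1 flag byte, 4-byte counter.
    rp_id_hash, flags, _counter = struct.unpack(">32sBI", authenticator_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rp_id_hash")
    if not flags & 0x01:  # bit 0 = user present
        errors.append("user_present")
    # Not shown: verifying the signature over authenticatorData || SHA-256(clientDataJSON)
    # with the stored public key, which stops a relay from rewriting these fields.
    return errors


def build_sample(origin, rp_id, challenge):
    """Constructed stand-in for the data a browser and authenticator return."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x05]) + struct.pack(">I", 7)
    return client, auth


CHALLENGE = b"constructed-challenge-0001"
LEGIT = build_sample("https://login.example.com", "login.example.com", CHALLENGE)
LOOKALIKE = build_sample("https://login.example-com.test", "login.example-com.test", CHALLENGE)

if __name__ == "__main__":
    print("legitimate origin:", check_assertion(*LEGIT, CHALLENGE))
    print("lookalike origin: ", check_assertion(*LOOKALIKE, CHALLENGE))
```

A response produced on the lookalike origin fails both the origin and the RP ID hash check, so it cannot be used to log in at the real provider.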
Conclusion: Modern authentication and rapid response are crucial
Cybercriminals have refined their methods to circumvent traditional two-factor authentication (2FA) measures. Phishing remains one of the biggest threat vectors for businesses. However, a combination of FIDO2 authentication, awareness training, SIEM monitoring, and managed security services can help provide effective protection against attacks.
Companies that adapt their security strategy now can significantly reduce the risk of successful phishing attacks and reliably secure their networks.