Security Alert Issued for Google and Microsoft Users Amid Rise in 2FA Bypass Attacks
news
2 min read
Google and Microsoft Users Warned as New 2FA Bypass Attacks Reported
Security researchers have sounded the alarm for Google and Microsoft users, cautioning them against a new wave of two-factor authentication (2FA) bypass attacks. This latest threat comes in the form of FlowerStorm, a phishing-as-a-service resource that shares numerous similarities with its predecessor, Rockstar 2FA.
According to Sophos researchers, who have been tracking this issue closely, FlowerStorm has been active since at least June 2024 and boasts features identical to those seen in Rockstar 2FA. The team behind Sophos X-Ops has observed a significant surge in the use of PaaS portals associated with FlowerStorm following the disruption of Rockstar 2FA.
FlowerStorm’s phishing portal pages, as well as its connection to its backend server, display striking similarities to those found on Rockstar 2FA. As a result, Google and Microsoft users are advised to be vigilant for any signs of phishing, as this is where most 2FA bypass attacks begin.
To mitigate the risk posed by FlowerStorm, both Google and Microsoft recommend the use of passkeys as an additional layer of security. These passkeys have been shown to provide stronger protection against automated bots, bulk phishing attacks, and targeted attacks than traditional SMS-based one-time passwords or other forms of two-factor authentication.
In their warning, a Google spokesperson emphasized the numerous protections available to combat such attacks, including but not limited to passkeys. This additional security measure is designed to reduce the impact of phishing and other social engineering attempts.
With this new threat on the horizon, it is essential for all users to remain cautious and take proactive measures to safeguard their online accounts. The warning serves as a timely reminder that even the most seemingly secure systems can be vulnerable to exploitation if not properly protected.
As we continue to navigate the ever-evolving landscape of cyber threats, it is crucial that we prioritize education, awareness, and collaboration to stay ahead of these emerging dangers. By doing so, we can work together to ensure our online security remains robust and resilient against malicious attacks.
Source: www.forbes.com
