MFA Alone Won’t Save You: Hackers Beating Two-Step Authentication

February 12, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Multi-factor authentication (MFA) has long been hailed as a gold standard for digital security, adding an extra layer of protection beyond traditional passwords.

However, a New Zealand cybersecurity firm warns that MFA—especially when poorly implemented—won’t necessarily shield businesses and individuals from cyber threats. In fact, some of the most damaging breaches across Australia and New Zealand in recent years have exploited MFA vulnerabilities.

The Growing Cyber Threat Landscape

CyberCX, a cybersecurity firm, has released its latest threat intelligence report, painting a grim picture of the evolving cyber battlefield. Attackers are refining their tactics and increasing the frequency of attacks, making it harder for businesses to stay ahead. The report aligns with recent findings from the New Zealand government, which highlight an alarming rise in sophisticated cyber threats targeting both private enterprises and national infrastructure.

MFA Exploits: A New Favorite Among Hackers

One of the most startling revelations from CyberCX’s report is that three-quarters of the phishing attacks it responded to last year involved MFA bypass techniques. Cybercriminals are no longer merely tricking users into revealing passwords—they’re now manipulating MFA processes to gain unauthorized access to accounts and systems.

Hamish Krebs, Executive Director of Digital Forensics and Incident Response at CyberCX, warned that despite defenders’ efforts, cyber threats are escalating as attackers refine their tactics and accelerate attacks.

“Adversaries are increasingly targeting cloud infrastructure, cyber extortion groups persist despite law enforcement crackdowns, and the rise of Endpoint Detection and Response (EDR) is reshaping attack methods. MFA alone isn’t enough, Managed Service Providers (MSPs) remain vulnerable, and outdated infrastructure is a glaring security risk,” Krebs states.

The MFA Myth: A False Sense of Security?

Financial gain remains the primary motivator behind cyberattacks, accounting for 65% of the incidents CyberCX investigated last year. However, certain industries are being disproportionately targeted:

Healthcare: 17% of all incidents—making it the most targeted sector—due to the vast amounts of sensitive patient data cybercriminals can exploit.

Finance: 11% of attacks targeted banks and financial institutions, seeking access to monetary assets and confidential records.

The findings mirror global trends, where healthcare organizations have become prime targets for ransomware and data breaches, often struggling to recover from devastating cyber incidents.

The Future of Cybersecurity: A Multi-Layered Approach

While MFA remains an essential component of cybersecurity, it should not be relied upon as a standalone defense. Businesses and individuals must adopt a layered security strategy that includes strong passwords, endpoint detection, network monitoring, and continuous security awareness training.

As cybercriminals evolve, so too must our defenses. The key takeaway?

MFA is a powerful tool, but only when implemented correctly—and in combination with broader security measures. Otherwise, it could be the false sense of security that leads to your next breach.