There have been a few cyber breaches in the news lately where the attackers directly undermined or bypassed multi-factor authentication, so I thought I’d share a slide I created and use frequently (based on a modified version of Roger Grimes’ excellent list). The key take-away: at least half of these MFA bypass attacks are trivial, if not fully automatable, if you own the endpoint.
I often hear (if not directly stated, then implied) that the endpoint doesn’t really matter in a privileged access scenario, because we use <PIM/PAM solution> and MFA. That is not true, and almost every cyber breach of a large enterprise (especially in industries such as financial services/banking) bears this out.
It is critically important that you make use of a dedicated administrative workstation, with restricted Internet access, no email, etc., in highly privileged access scenarios. This is in addition to PIM/PAM and MFA. PIM/PAM solutions and MFA are helpful, but they are not the silver bullet they are often made out to be.
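One way to make the "MFA is not enough" point operational is to audit privileged sign-ins for the endpoint they came from, not just the MFA result. This is an added example, not the author's slide or any product's tooling; the sign-in record layout, the role names and the `PAW-` hostname convention are assumptions.

```python
"""Flag privileged sign-ins that passed MFA but did not originate from a
dedicated admin workstation (PAW). Record format and naming are assumed."""
from dataclasses import dataclass

# Constructed sample sign-in records (not real data). 'mfa' is the MFA
# outcome; 'device' is the hostname that initiated the session.
SAMPLE_SIGNINS = [
    {"user": "alice", "role": "Global Admin", "mfa": "pass", "device": "PAW-ALICE-01"},
    {"user": "bob",   "role": "Domain Admin", "mfa": "pass", "device": "LAPTOP-BOB"},
    {"user": "carol", "role": "Helpdesk",     "mfa": "pass", "device": "LAPTOP-CAROL"},
    {"user": "dave",  "role": "Global Admin", "mfa": "fail", "device": "PAW-DAVE-01"},
]

PRIVILEGED_ROLES = {"Global Admin", "Domain Admin"}  # assumed role names
PAW_PREFIX = "PAW-"                                   # assumed hostname convention


@dataclass
class Finding:
    user: str
    role: str
    device: str
    reason: str


def is_admin_workstation(device: str) -> bool:
    """True if the hostname follows the assumed dedicated-PAW convention."""
    return device.upper().startswith(PAW_PREFIX)


def audit_privileged_signins(records) -> list:
    """Return one Finding per privileged session whose endpoint is not a PAW.

    MFA success alone is not treated as sufficient: a privileged session from
    an ordinary, Internet-exposed workstation is reported even though MFA
    passed, because whoever controls that endpoint also controls the session.
    """
    findings = []
    for r in records:
        if r["role"] not in PRIVILEGED_ROLES:
            continue  # non-privileged account: the PAW requirement does not apply
        if r["mfa"] != "pass":
            continue  # no session was established, nothing to ride
        if not is_admin_workstation(r["device"]):
            findings.append(Finding(r["user"], r["role"], r["device"],
                                    "privileged session from non-PAW endpoint despite MFA"))
    return findings


if __name__ == "__main__":
    for f in audit_privileged_signins(SAMPLE_SIGNINS):
        print(f"{f.user} ({f.role}) from {f.device}: {f.reason}")
```

On the constructed sample only bob is reported: alice used a PAW, carol is not privileged, and dave never completed MFA.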