Enterprises look to Ping to help them provide secure and seamless access to the resources their customers, employees and partners require. Part of our commitment to our customers is not only to deliver intelligent identity solutions that tackle today’s identity challenges, but also to keep abreast of potential new threats in our fast-changing environment.
A year ago, the Ping CTO office predicted increased attacks on multi-factor authentication (MFA), and that prediction has come true—although we anticipate you’ll see fewer successful attacks against MFA in the coming year. But while companies have increased security to protect against such attacks, often by moving past SMS and on to one-time passcodes (OTPs) instead, attackers have also changed their approach by building tools to help them more easily phish OTP credentials.
Recently Modlishka, an even easier tool for hackers than the two-factor phishing tool ReelPhish, has gained notoriety. Modlishka, which automates the phishing of one-time passcodes, could potentially cause your users to unintentionally hand over their credentials to bad actors.
But the security industry is not standing still. Here’s what we’re seeing in the industry and what we at Ping are doing to help your organization guard against Modlishka-type phishing attacks.