Navigating MFA Phishing: Breaches, Countermeasures and Emerging Threats
The talk will focus on how companies that have implemented MFA are still falling victim to breaches. It will give an overview of the various implementations of MFA and describe how attackers are adapting their tactics to defeat them. The challenges that defenders face in mitigating these attacks will also be explored. To address these challenges, the presentation will explain why WebAuthn is the best standard for MFA and provide an easy-to-understand explanation of all the complex terminology. Additionally, some new techniques for MFA phishing that work on fallback mechanisms will be examined, and strategies that defenders can implement to prevent and mitigate these attacks will be discussed. Throughout the presentation, attendees will gain a better understanding of the risks associated with MFA phishing and how to implement effective countermeasures to safeguard their organization.
Nadeem Salim is currently a Principal Security Engineer within SEEK Australia's offensive security team. Previously, he led the technical practice of a large security consultancy in Melbourne. He has over 16 years of experience in the industry, focused on offensive security and performing security assessments. Nadeem specialises in adversary simulations and in mobile and macOS security. He has presented at several conferences, including CrikeyCon, BSides Melbourne, CRESTCon, WAHCKon and AusCERT.