Just when you think you are done talking about information security for awhile, the bad actors come along and prove you wrong. The latest is that black hats are targeting users of valuable sites with phishing ad and search engine results on Google and other search engines. The scam is that you search for your favorite website’s login, and the first hit is a phishing site that grabs your login information before forwarding you to the legit site.
In this case, it is users of the password manager “Bitwarden” and 1password that are the targets, but I have seen reports of similar attacks with other password managers, banking sites, and others. Recent research has shown that threat actors are using Google ads to fuel their malware delivery campaigns for initial access to corporate networks, to steal credentials, and for phishing attacks.
What’s interesting to me is that Google, YouTube, and other sites are busy clamping down on reports of the 2020 election, COVID vaccines, and everything else under the sun, but are actively allowing ads on their sites that are actual theft.
The best defense to this is the use of MFA that uses FIDO 2.0 or higher. The article that I linked to above says that hardware keys are cumbersome, but I have thus far found them easy to use, and certainly no more difficult than the authenticator apps that are out there. Another thing the article gets wrong is that all MFA is subject to “man in the middle” attacks. That may be true of authenticator and SMS versions of MFA, but the YubiKey system is not subject to man in the middle attacks, because the system uses the two keys of public key encryption to ensure that both parties are legitimate. I am sure that other hardware keys are available that do the same thing, I just have no experience with them.
You will note that Microsoft warned of this back in July and recommended the use of FIDO (Fast ID Online) 2.0 protocols for MFA. This rules out many authenticator apps as well as SMS methods of MFA. Note that the YubiKey 5 uses FIDO 2.0.
Be very, very wary of the websites that you are using. The crooks are getting more and more inventive every day.