
Sophisticated Cyber Attacks Exploit Trust in MFA and User Behavior

Severity: High (Score: 67.5)

Sources: Darktrace

Published: 2026-06-01 · Updated: 2026-06-01

Keywords: modern, front, attacks, always, announce, themselves, follow

Severity indicators: defense

Summary

In recent incidents, attackers bypassed multi-factor authentication (MFA) not by defeating the second factor but by hijacking sessions that had already been authenticated, showing that strong controls alone do not guarantee security. A CISO from a professional sports organization reported an attack in which a stolen session was re-injected by the attacker, allowing impersonation of the user without triggering conventional controls. Separately, a U.S.-based risk management provider suffered a breach after a user entered credentials on a malicious site; existing security tools only partially contained it. Darktrace's AI technology detected these anomalies and, in some cases, blocked further damage. Misconfigurations and human error continue to create exposure, as illustrated by a CIO's report of a breach attempt through a misconfigured MFA setup. The incidents underscore the need for behavior-based detection and a reassessment of how much trust is placed in an authenticated session.

Key Points:
  • Attackers bypassed MFA by hijacking and replaying authenticated sessions, posing significant risk.
  • Human error and misconfiguration remain critical weaknesses.
  • AI-driven detection tools such as Darktrace are presented by the source as essential for identifying and mitigating these threats.

Detailed Analysis

**Impact** Organizations across multiple sectors, including professional sports, risk management services, utility services, global business services, and pharmaceutical labs in the U.S. and globally, have been affected. The attacks exploited trusted user sessions and human error, resulting in compromised authenticated sessions, potential ransomware incidents, and unauthorized access attempts. Data at risk includes user credentials, internal network access, and sensitive corporate information. Some attacks were halted before execution, but the dormant artifacts found in several environments indicate that exposure had gone undetected for some time.

**Technical Details** Attackers bypassed multi-factor authentication by hijacking and reusing already-authenticated sessions rather than breaking MFA directly. Phishing emails led to credential theft, and misconfigurations in MFA and ZTNA VPN setups enabled network intrusion attempts. Dormant ransomware artifacts were discovered within environments, and unusual user behaviors such as anomalous logins and unexpected proxy connections were detected. No specific malware names, CVEs, or IOCs were provided in the source materials.

**Recommended Response** Prioritize deployment of anomaly detection capable of identifying subtle deviations in user behavior and session activity. Harden MFA configurations and review ZTNA VPN setups to close misconfiguration gaps. Implement continuous monitoring for session hijacking indicators (the same session presented from a new network, device, or client fingerprint) and conduct user training to reduce credential phishing risk. Where autonomous response is available, enable it to block suspicious activity immediately.
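The following is an added example, not code from Darktrace or from the source articles, showing one way to implement the session-hijacking monitoring recommended above. It assumes a simplified per-request activity log (constructed inline below; IPs, ASNs and session identifiers are placeholders) and flags a session identifier that is presented from a different ASN or user agent shortly after, or interleaved with, its original client context. That pattern is what a replayed or "re-injected" session looks like after MFA has already been satisfied.

```python
"""Detect authenticated-session reuse across conflicting client contexts.

Added example, not the page's or Darktrace's code. Log schema, window size
and the sample records are assumptions made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    session_id: str
    ip: str
    asn: int
    user_agent: str


# Constructed sample log (not real observations). Fields:
# timestamp,user,session_id,source_ip,asn,user_agent
SAMPLE_LOG = [
    "2026-06-01T08:00:00Z,alice,sess-7f3a,203.0.113.10,64500,Mozilla/5.0 (Windows NT 10.0) Chrome/125",
    "2026-06-01T08:05:00Z,alice,sess-7f3a,203.0.113.10,64500,Mozilla/5.0 (Windows NT 10.0) Chrome/125",
    # Same session cookie now presented from another network by a scripted client.
    "2026-06-01T08:12:00Z,alice,sess-7f3a,198.51.100.77,64512,python-requests/2.31",
    # The legitimate browser is still active: the contexts interleave.
    "2026-06-01T08:13:00Z,alice,sess-7f3a,203.0.113.10,64500,Mozilla/5.0 (Windows NT 10.0) Chrome/125",
    "2026-06-01T09:00:00Z,bob,sess-19c2,192.0.2.5,64496,Mozilla/5.0 (Macintosh) Safari/17",
    "2026-06-01T09:40:00Z,bob,sess-19c2,192.0.2.5,64496,Mozilla/5.0 (Macintosh) Safari/17",
]


def parse(line: str) -> Event:
    """Parse one CSV-style record; the user agent is the last field and may contain spaces."""
    ts, user, sid, ip, asn, ua = line.split(",", 5)
    return Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, sid, ip, int(asn), ua)


def find_session_reuse(events, window=timedelta(minutes=30)):
    """Return one alert per context switch on a session within `window`.

    A context is (ASN, user agent). `interleaved` is True when the session
    switches back to a context already seen, i.e. two clients are driving
    the same session concurrently, which is the strongest hijack signal.
    """
    by_session = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_session[e.session_id].append(e)

    alerts = []
    for sid, evs in by_session.items():
        prev = evs[0]
        seen = {(prev.asn, prev.user_agent)}
        for e in evs[1:]:
            ctx = (e.asn, e.user_agent)
            if ctx != (prev.asn, prev.user_agent) and e.ts - prev.ts <= window:
                alerts.append({
                    "session_id": sid,
                    "user": e.user,
                    "at": e.ts.isoformat(),
                    "from": (prev.ip, prev.asn, prev.user_agent),
                    "to": (e.ip, e.asn, e.user_agent),
                    "interleaved": ctx in seen,
                })
            seen.add(ctx)
            prev = e
    return alerts


def run_on_sample():
    """Run the detector over the constructed log; returns the alert list."""
    return find_session_reuse([parse(line) for line in SAMPLE_LOG])


if __name__ == "__main__":
    for alert in run_on_sample():
        print(alert)
```

The intended response to an alert is to revoke the session server-side and force a fresh authentication, not to trust the existing MFA result. ASN or user-agent changes do occur legitimately (mobile roaming, corporate VPN egress changes), so a single switch should be correlated with other signals; an interleaved switch, where the original client keeps using the session alongside the new one, is much harder to explain benignly.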

Source articles (2)

  • Security leaders share front — Darktrace · 2026-06-01
    Modern attacks don’t always announce themselves, follow obvious patterns, or rely on known malware. Often, they move quietly inside trusted systems, authenticated sessions, and everyday behavior. That…
  • Defend What You Trust: Stories from the Front Lines of Modern Cyber Defense — Darktrace · 2026-06-01
    Modern attacks don’t always announce themselves, follow obvious patterns, or rely on known malware. Often, they move quietly inside trusted systems, authenticated sessions, and everyday behavior. That…

Timeline

  • Recent — Attack bypassed MFA: A CISO reported an attack where a session was hijacked, allowing impersonation without triggering controls.
  • Recent — User credentials compromised: A VP of IT shared an incident where a user entered credentials on a malicious site, leading to a breach.
  • Recent — Misconfigured MFA detected: A CIO reported a breach via ZTNA VPN due to misconfigured MFA, which was blocked by Darktrace.

Related entities

  • Ransomware (Attack Type)
  • China (Country)
  • Singapore (Country)
  • Manufacturing (Industry)
  • Pharmaceutical (Industry)
  • Microsoft 365 (Platform)