Multi-Factor Authentication (MFA) is a critical security control in the increasingly cloud-first world, but like all software, MFA implementations can have vulnerabilities. The Varonis Threat Research team discovered, and responsibly disclosed, a vulnerability in Box's implementation of MFA that could have allowed an attacker to gain unauthorized access to a Box environment.
Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team use the Varonis threat research as a jumping-off point to discuss cloud defense-in-depth strategy and how layered security controls can help mitigate damage from the next inevitable vulnerability.
To learn more about the MFA bypass threat research, please visit:
https://www.varonis.com/blog/box-mfa-bypass-totp/
Watch Varonis threat researcher Kody Kinzie demonstrate how an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data *without* providing a one-time password.