Multifactor authentication (MFA) is now a mandate for many regulations, cyber insurance policies, and presidential executive orders—just as attackers are finding ways to bypass it.

“It’s as though we waited to make sure that the hackers had a way around it before we decided to mandate it,” Stewart Baker, of counsel at Steptoe & Johnson LLP, said during a panel at the CISO-focused Shift Up Summit hosted in Manhattan this month, referring to MFA.

Here are some ways that attackers are getting around MFA:

1. MFA fatigue: Threat actors pepper the targeted user with alerts to confirm authentication, hoping that, like an exhausted parent tired of “Are we there yet?” the target will accept, just to make it all stop.

An example: KrebsonSecurity reported on March 26 that some Apple customers received a plethora of push notifications, complete with Apple Support impersonators calling the individuals to say their account had been compromised and a one-time passcode required verification.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

You’re already reading the newsletter, but did you know you can also listen to and/or watch the wittiest and smartest takes on business news?

Morning Brew Daily hosts Neal Freyman and Toby Howell have you covered on everything you need to know before your cup of coffee, from the latest headlines on the economy to explanations of viral TikTok trends.

You’ll look so smart in front of your friends.

New episodes are released every weekday at 7am ET. Check ’em out on YouTube or wherever you get your podcasts.

On April 1, comedian Jon Stewart let loose on AI, calling out the tech industry for “false promises” about the technology. And no, it wasn’t an April Fool’s joke.

The Daily Show host isn’t the only one asking questions. After over a year of relentless hype and excitement, AI is coming back down to earth. In late January, AI companies lost $190 billion in market cap after weak quarterly reports from Alphabet, Microsoft, and Advanced Micro Devices.

Value judgment. New research from The Information indicates that AI startup valuations are dropping. According to reporter Stephanie Palazzolo, AI-related startups—ones that offer large language model services—have seen investor revenue predictions drop.

“On average, investors valued these companies at 83 times their projected sales—usually calculated as annualized revenue, or 12 times their monthly revenue at the time of the investment,” Palazzolo wrote. “In comparison, three of the four AI startups that have raised money since then have done so at half of the revenue multiple of the original eight, on average.”

Read more here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

2024 may be zooming by, but IT Brew has you covered—here’s our ongoing roundup of three of the most interesting tech news stories from around the world in the last month.

Under the sea

Damage to undersea fiber-optic cables by attacks in the Red Sea have illustrated the vulnerability of international data traffic—and a project to bypass critical choke points by laying cable through the Northwest Passage is taking shape.

Politico EU reported the approximately €1 billion (or around $1.08 billion) Far North Fiber project, which will span about 9,000 miles and directly connect Alaska, Ireland, Japan, and Norway, is on track for a 2027 rollout date. The route is largely possible due to climate change, as parts of the route used to be blocked or at risk from sea ice that is now thawing.

Keep reading here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

Batten down the hatches. Get this: 29% of web attacks targeted APIs between January and December 2023. This means APIs are a focus area for cybercriminals. Fortunately, Akamai can help. They just published a report that has tons of insights and strategies on strengthening your API game. Give it a read.