
The 'PoisonSeed' phishing campaign, known for large-volume financial fraud, is now effectively bypassing FIDO2 security key protections by exploiting the legitimate WebAuthn cross-device sign-in feature. This sophisticated attack uses an adversary-in-the-middle technique to present a QR code on impersonated login portals, tricking users into approving attacker-initiated logins via their secondary devices, thus circumventing the intended phishing resistance of FIDO2 keys. This development underscores an escalating threat where robust authentication mechanisms are compromised through feature abuse and social engineering, rather than direct exploits, posing a critical risk for organizations relying on such security.
A sophisticated phishing campaign dubbed 'PoisonSeed' is circumventing FIDO2 security key protections, a development that poses a significant risk to enterprise security. The attack vector does not exploit a technical flaw within FIDO2 but rather abuses the legitimate cross-device sign-in feature of WebAuthn. Through an adversary-in-the-middle (AiTM) attack, threat actors impersonate corporate login portals for services like Microsoft 365 and Okta, tricking users into scanning a malicious QR code that approves the attacker's login attempt on a separate device. This method effectively downgrades the authentication process and bypasses the intended physical security of FIDO2 keys. The neutral sentiment scores for Microsoft (MSFT) and Okta (OKTA) indicate the market correctly perceives this not as a platform-specific vulnerability but as an industry-wide challenge in social engineering that erodes trust in even advanced multi-factor authentication (MFA) standards.
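One defender-side response to the abuse described above, as an added example that is not code from the report, Microsoft or Okta: a relying party decodes the signed clientDataJSON and checks the origin (the check a plain AiTM proxy fails), then, because WebAuthn does not tell the relying party which transport an assertion travelled over, applies a step-up policy to credentials that were registered as hybrid-capable. The origin, credential records and login events are constructed assumptions.

```javascript
// Added example, not code from the original report or from any vendor.
// Assumes the RP stored `getTransports()` at registration and looks the
// credential record up by credential ID; all sample data is constructed.

const EXPECTED_ORIGIN = "https://login.example.com"; // assumed RP origin

// Decode the base64url clientDataJSON the authenticator signed over.
function parseClientData(clientDataB64url) {
  return JSON.parse(Buffer.from(clientDataB64url, "base64url").toString("utf8"));
}

// Decide whether to accept an assertion outright, deny it, or route it to
// step-up verification / an alert.
function evaluateAssertion(event, registered, policy = { allowHybridCapable: false }) {
  const reasons = [];
  const cd = parseClientData(event.clientDataJSON);

  // Baseline phishing resistance: the signed origin must be ours. A classic
  // AiTM proxy fails here because the victim's browser signs the proxy's origin.
  if (cd.origin !== EXPECTED_ORIGIN) reasons.push("origin-mismatch");
  if (cd.type !== "webauthn.get") reasons.push("wrong-ceremony-type");

  // Cross-device abuse passes the origin check: the phone signs for the real
  // site after scanning a relayed QR code. The assertion itself does not say
  // which transport was used, so the durable signal is whether the credential
  // was registered as hybrid-capable (a phone passkey) rather than as a roaming
  // security key reached over usb/nfc. Such logins get step-up, not auto-allow.
  const regTransports = registered.transports || [];
  if (regTransports.includes("hybrid") && !policy.allowHybridCapable) {
    reasons.push("hybrid-capable-credential");
  }

  const hardFail = reasons.includes("origin-mismatch") || reasons.includes("wrong-ceremony-type");
  const action = hardFail ? "deny" : reasons.length ? "step-up" : "allow";
  return { action, reasons };
}

// Constructed samples: a hardware-key login, a phone-passkey (hybrid) login,
// and a login whose clientDataJSON was signed for a look-alike proxy origin.
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const usbKey = { credentialId: "cred-usb", transports: ["usb", "nfc"] };
const phonePasskey = { credentialId: "cred-phone", transports: ["hybrid", "internal"] };
const usbLogin = { clientDataJSON: b64({ type: "webauthn.get", origin: EXPECTED_ORIGIN, challenge: "c1" }) };
const hybridLogin = { clientDataJSON: b64({ type: "webauthn.get", origin: EXPECTED_ORIGIN, challenge: "c2" }) };
const proxiedLogin = { clientDataJSON: b64({ type: "webauthn.get", origin: "https://login-example.invalid", challenge: "c3" }) };
```

Whether a hybrid-capable credential gets step-up or an outright block is a policy choice; the point is that the decision is made on the stored credential record, not on anything the proxied browser can influence.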