News

MFA Resets Become the New Attack Vector in Financial Services

louiswcolumbus@gmail.com (Louis Columbus)May 27, 2026 · about 2 hours ago

Financial services organizations are being compromised through voice phishing and MFA resets rather than password theft, according to CrowdStrike's 2026 threat report. Mutant Spider, the most active threat group targeting the sector, impersonates IT support over Microsoft Teams to convince employees to reset credentials and MFA, then registers attacker devices on corporate networks. This represents a structural shift in attack methodology that bypasses traditional password-based security controls.

TL;DR

Mutant Spider conducted the most successful attacks on financial services in the past 12 months using voice phishing over Microsoft Teams, not password theft
The group impersonates IT support, convinces employees to reset MFA, and registers attacker devices to gain persistent network access
Credential theft dropped to 13% of breach initial access vectors, while vulnerability exploitation rose to 31%, according to Verizon's 2026 report
Financial services faced 43% more hands-on-keyboard intrusions in 2025 compared to two years earlier, with ransomware operators naming 423 entities on leak sites

Why It Matters

MFA, long considered a gold standard security control, is proving insufficient against sophisticated social engineering attacks that bypass password authentication entirely. Attackers are exploiting the legitimate MFA reset process itself as an attack vector, meaning organizations cannot rely on traditional credential-based defenses. This represents a fundamental shift in how financial institutions must approach access control and employee security training.

Business Impact

Financial services organizations must reassess their security architecture beyond MFA implementation. The attacks documented are low-cost, high-success operations that don't require zero-day exploits or advanced technical skills, making them economically attractive to both e-crime and state-sponsored actors. Organizations need to implement additional controls around credential reset processes, device registration, and token management to close these gaps.

Key Implications

MFA reset processes require additional authentication layers and approval workflows to prevent social engineering attacks
Device registration and token grant mechanisms need monitoring and restrictions independent of MFA status
Voice phishing over internal communication platforms like Microsoft Teams is now a primary attack vector requiring specific employee training and technical controls
OAuth token theft through legitimate authentication flows bypasses MFA entirely and grants persistent access without additional prompts

What to Watch

Monitor for increases in voice phishing attempts targeting IT support functions and credential reset requests. Track adoption of conditional access policies that restrict device registration and token grants based on risk signals. Watch for emerging phishing-as-a-service platforms like Kali365 that specifically target OAuth token capture through legitimate authentication flows.

Governance & Policy AI Risk & Security

Our Briefing

Weekly signal. No noise. Built for founders, operators, and AI-curious professionals.

No spam. Unsubscribe any time.

AdventHealth deploys ChatGPT to cut administrative burden

AdventHealth is deploying ChatGPT for Healthcare to streamline clinical and administrative workflows, with the goal of reducing administrative burden on staff and freeing up time for direct patient care. The health system is using OpenAI's healthcare-specific model to handle workflow optimization tasks. This represents a practical application of generative AI in healthcare operations rather than clinical decision-making.

5 days ago· OpenAI

AI for BusinessNews

AI Discovers Security Flaws Faster Than Humans Can Patch Them

Recent high-profile breaches at startups like Mercor and Vercel, combined with Anthropic's disclosure that its Mythos AI model identified thousands of previously unknown cybersecurity vulnerabilities, underscore growing demand for AI-powered security solutions. The article argues that cybersecurity vendors CrowdStrike and Palo Alto Networks, which are integrating AI into their threat detection and response capabilities, represent undervalued investment opportunities as enterprises face mounting pressure to defend against both conventional and AI-discovered attack vectors.

28 days ago· The Information

AI HardwareTrendingModel Release

AWS Launches G7e GPU Instances for Cheaper Large Model Inference

AWS has launched G7e instances on Amazon SageMaker AI, powered by NVIDIA RTX PRO 6000 Blackwell GPUs with 96 GB of GDDR7 memory per GPU. The instances deliver up to 2.3x inference performance compared to previous-generation G6e instances and support configurations from 1 to 8 GPUs, enabling deployment of large language models up to 300B parameters on the largest 8-GPU node. This represents a significant upgrade in memory bandwidth, networking throughput, and model capacity for generative AI inference workloads.

about 1 month ago· AWS Machine Learning Blog

AnthropicModel Release

Anthropic Launches Claude Design for Non-Designers

Anthropic has launched Claude Design, a new product aimed at helping non-designers like founders and product managers create visuals quickly to communicate their ideas. The tool addresses a gap for early-stage teams and individuals who need to share concepts visually but lack design expertise or resources. Claude Design integrates with Anthropic's Claude AI platform, leveraging its capabilities to streamline the visual creation process. The launch reflects growing demand for AI-powered design tools that lower barriers to entry for non-technical users.

about 1 month ago· TechCrunch AI