Multi-factor Authentication fatigue attacks on the rise

How can you protect your organization against MFA attacks?

There is a new type of attack campaign that has been emerging over the past few months involving the ability to bypass a critical security control—multi-factor authentication.MFA (or 2FA) is not a new concept and, as it has been more heavily adopted, attacks have been on the rise. This new attack, recently named "MFA Fatigue Attacks," isn't really surprising. People get tired of seeing the "push based" authentication requests they get from MFA, so if the attacker spams the "push request" button repeatedly, thus sending multiple requests to a user's phone, the user may either be tricked into pushing "Accept" or just "Accept" the request out of a desire to make the push requests stop.

A recent blog post from Mandiant outlined how this tactic has been used by Russian threat actors during intrusions into business and government targets. The bottom line is: these tactics work!What can you do to protect against MFA fatigue attacks?The big things you can do are:

When you get a push notification, do your best to make sure:
a) You ARE expecting the push authentication request
b) You recognize the app that is shown
c) The location, as shown, makes sense

If the request does NOT pass the above test, don’t accept the request!

Resources & Reminders

Webinars and articles

Explore our growing digital collection of materials designed to provide an easy-to-use database of educational information. Check out all our IT & Website Services articles and our past technology webinars on our website, including all the cybersecurity information during the last two years of the pandemic.

Be proactive to prevent successful attacksThere are several ways to help both prevent these attacks from succeeding and also to limit the blast damage to your organization that would incur if such an attack would succeed. This includes implementing the following and more:

Strong password policies. In most cases, these attacks require a compromised password as a pre-requisite.

Conditional Access Policies and Identity Threat Protection, which identifies unusual logon attempts and alerts your IT team.

Ongoing user education

Get proactive!
CBS goes on the offensive to improve effectiveness

CBS IT & Website Services has adopted a new theme for this year in all our webinars and articles. This year, we are moving from defense—IT Risk Management and cybersecurity during the pandemic years—to offense—taking full advantage of information technologies to improve services offered to all stake holders and constituencies, to improve operational efficiency and overall effectiveness.

You will see this proactive approach woven into the topics of our webinars, Outreach articles, and public speaking engagements throughout the year.