MFA Fatigue - A New Emerging Tactic of Hackers

Social engineering attacks are one of the favorite tactics of hackers to get access to login credentials and breach the organization's security system. One such emerging social engineering attack is the MFA fatigue attack, which manipulates the multi-factor authentication process.

During corporate breaches, attackers try to somehow get access to employee login credentials using different tactics, such as phishing attacks, leaked credentials due to data breaches, malware, or buying the data from the dark web. Once attackers get access to login credentials, they nowadays face another blockage in the shape of multi-factor authentication (MFA).

MFA requires additional verification information that can be a one-time password, a prompt message to confirm the login, or similar others. Since this authentication directly involves the person whose credentials are stolen, therefore attackers tend to bypass this stage through different tactics. MFA fatigue is an emerging tactic to bypass MFA that even resulted in data breaches of big companies, like Cisco and Uber. So, let's explore in detail what is MFA fatigue all about and how to protect from it.

What is MFA Fatigue

In a push notification-based multi-factor authentication, employees receive a prompt message that asks to approve the sign-in and also provides the location from where the request is made. In the MFA fatigue attack, the attackers use the stolen login credentials of an employee and keep sending him/her push notifications continuously until he/she approves the request to get rid of the non-stop stream of push notifications.

Since there are chances that the employee might keep rejecting the sign-in request or become suspicious about these malicious activities, attacks also sometimes use email or call pretending to be from the IT support team and ask the employee to approve the sign-in request. So, even if the employee does not get tired of rejecting the push notifications, an email/call might convince him/her to accept the request.

Many big corporate names have become the victim of MFA fatigue attacks despite having top-notch security measures. Cisco and Uber are two new cases of MFA fatigue attacks this year. Below is a quick review of their attacked approach:

• Cisco: The Yanluowang threat actors hijacked the Google personal account synced with the browser of an employee to access the login credentials. Afterward, the attackers initiated an MFA fatigue attack along with multiple voice phishing attacks to make the employee accept the MFA push notification.
• Uber: The attackers first conducted a social engineering attack on an employee to access Uber's intranet. Afterward, they initiated the MFA fatigue attack and acted as Uber IT support to make the employee convinced to accept the MFA push notification request.

From the above two examples, it is evident that MFA fatigue is a real security threat that can compromise any corporate network despite assuming to have effective MFA authentication in place.

How to Protect from MFA Fatigue Attack

Just like any other cyberattack, there are many ways to protect from an MFA fatigue attack. Some of the recommended ones are as follows:

• Don't Panic: If you receive continuous MFA push notifications, then don't panic and approve the requests. That's exactly what attackers want from you.
• Talk to IT Admins: If you receive an email/call from someone pretending to be from the IT team, then contact someone you know from the IT team and verify if the message is actually from the IT department.
• Change Password: Continuous MFA push notifications are an indication of a breach of login credentials. So, it's recommended to change the password right away to stop attackers from doing login attempts.
• Use Number Matching MFA: Instead of using push notifications, try to set up MFA with a number-matching approach. In this approach, the user intending to log in gets a combination of numbers that he/she has to enter into the authentication message on the mobile device.
• Educate Employees: Most employees are not aware of the emerging MFA fatigue attack tactic, so they can become a victim of it unintentionally. Therefore, it is important that they are educated about it so that they can detect such activities in the first place.

Other than the above practices, your organization can deploy other MFA fatigue preventive measures that the cybersecurity team finds more appropriate.

Wrapping Up

Cyberattacks are always busy finding new ways to bypass the security defenses of organizations. MFA fatigue attack is one of the emerging and concerning threats for organizations, especially large organizations with hundreds of employees. The success of the MFA fatigue attack is all linked to human weaknesses. However, it is preventable by following the above tips and more depending on how your organization conducts MFA authentication. So, start with MFA fatigue preventative measures right away and protect your organization from this emerging cyberattack.

Contact CARE Team to find out how we can assist you to improve IT Security.