MFA Fatigue: The New Hack You Need To Be Aware Of
In recent weeks a specific type of social engineering attack has been used by threat actors to compromise numerous businesses across the country and around the globe. MFA Fatigue attacks (also known as MFA bombing or push bombing) are a relatively new kind of attack: a threat actor who already holds a user's password deliberately floods that user's device with authentication prompts until the user approves one, handing over control of the account.
Today we investigate this attack type in more detail, so you and your employees can recognise a potential MFA Fatigue attack if your business is targeted.
What is MFA Fatigue?
MFA Fatigue attacks target organisations whose MFA is configured to use push notifications. In that set-up, when a user signs in to an MFA-protected account, a push notification is sent to an authenticator app on a separate device (usually the user's phone). The notification asks the user to approve or deny the sign-in, and usually shows details of the attempt such as its location and time.
When a fatigue attack occurs, the attacker runs a script that uses stolen credentials (a username and password obtained by phishing, malware or a previous breach) to make repeated login attempts. Because the password is correct, every attempt passes the first factor and triggers a push notification, so the unsuspecting user's phone fills up with login prompts. The attacker's goal is to wear the victim down: the false login attempts continue over an extended period until the prompts feel like a nuisance to be cleared rather than a warning to be heeded.
To push the victim over the line, threat actors will also contact the user via messaging platforms, email or over the phone. Posing as IT support, they explain the prompts away as expected and ask the victim to accept the "pending" request. Eventually, targets become so overwhelmed by the situation and the sheer number of MFA prompts that they approve one, and a single approval is all the attacker needs to enter the account, its data and the systems it can reach.
How to deal with a suspected MFA Fatigue attack?
If an employee suspects they may be the target of an MFA Fatigue attack, it's essential for them to immediately contact your enterprise's IT admins or security team. A rapid-fire string of MFA push notifications for sign-ins the user did not make is the tell-tale sign: they should not panic, must not approve any of the requests (deny or report them instead, where the authenticator app offers that option), and should seek immediate support from a trusted security partner. Every one of those prompts means the attacker already has the user's password, so the user should change it as soon as possible, ideally from a device that is not the one being bombarded. Once the password is changed, the stolen credentials no longer pass the first factor, the attacker can no longer generate push notifications, and your security team has time to investigate which sign-ins were attempted, from where, and whether any prompt was approved, and to revoke any session that was granted. Longer term, enabling number matching (where the user must type a code shown on the sign-in screen into the app rather than simply tapping "Approve") removes the one-tap approval this attack relies on.
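The pattern described above (a burst of denied or unanswered prompts for one user, sometimes followed by an approval) can also be picked up by the security team from authenticator or identity-provider logs. The following Python is an added example written for this article, not code from Fitzrovia IT or from any MFA vendor; the log format, the outcome names (approved, denied, timeout), the threshold of five prompts in ten minutes and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events in an assumed "<UTC time> <user> <outcome>" format.
# 'alice' is bombarded with prompts and eventually approves one; 'bob' signs in normally.
SAMPLE_LOG = """\
2023-09-12T08:00:05Z alice timeout
2023-09-12T08:00:41Z alice denied
2023-09-12T08:01:20Z alice timeout
2023-09-12T08:02:02Z bob approved
2023-09-12T08:02:15Z alice denied
2023-09-12T08:03:07Z alice timeout
2023-09-12T08:03:55Z alice denied
2023-09-12T08:05:30Z alice approved
2023-09-12T13:10:00Z bob approved
"""

THRESHOLD = 5                    # non-approved prompts that count as a burst (assumed value)
WINDOW = timedelta(minutes=10)   # sliding window the burst must fit inside (assumed value)


def parse_events(text):
    """Parse log lines into (timestamp, user, outcome) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, outcome))
    events.sort(key=lambda e: e[0])
    return events


def _new_alert(first_ts):
    return {"first_prompt": first_ts, "last_prompt": first_ts, "prompts": 0,
            "approved_after_burst": False, "approved_at": None}


def detect_mfa_fatigue(events, threshold=THRESHOLD, window=WINDOW):
    """Return {user: alert} for every user whose denied/unanswered prompts reach
    `threshold` inside any `window`. The alert records how many prompts piled up
    and, critically, whether the user approved a prompt while the burst was still
    in progress (a likely compromise rather than just an attempt)."""
    recent = defaultdict(deque)   # user -> timestamps of non-approved prompts in the window
    alerts = {}
    for ts, user, outcome in events:
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts that have fallen out of the window
            q.popleft()
        if outcome == "approved":
            if len(q) >= threshold:       # an approval that lands during an active burst
                alert = alerts.setdefault(user, _new_alert(q[0]))
                alert["approved_after_burst"] = True
                alert["approved_at"] = ts
            continue                      # approvals do not add to the pile-up
        q.append(ts)
        if len(q) >= threshold:
            alert = alerts.setdefault(user, _new_alert(q[0]))
            alert["prompts"] = max(alert["prompts"], len(q))
            alert["last_prompt"] = ts
    return alerts


def run_sample():
    return detect_mfa_fatigue(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for user, alert in run_sample().items():
        severity = "COMPROMISE LIKELY" if alert["approved_after_burst"] else "attempt"
        print(f"{user}: {alert['prompts']} prompts between {alert['first_prompt']} "
              f"and {alert['last_prompt']} -> {severity}")
```

The threshold needs tuning to your environment: a couple of prompts in a few minutes is normal for someone retrying on a flaky connection, but a user who denies or ignores five prompts in ten minutes and then approves the sixth is exactly the sequence described above, and that account should get an immediate password reset and session revocation rather than a ticket in the queue.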
If your business works with a managed IT services partner, it's important to engage their support desk straight away. Your MSP partner will be well versed in countering attempted attacks and can advise your employees on the correct procedure to follow. At Fitzrovia IT, our IT helpdesk is available 24/7 as part of our tiered Fitz Managed Security Services (Fitz MSS) packages. Fitz MSS is a worry-free approach to securing your systems, and our IT experts are always on hand to counter threats such as MFA Fatigue attacks.
To find out more about our cybersecurity services, or to discuss your cybersecurity concerns in more depth, contact our expert team today.