"MFA Fatigue: Hackers' New Favorite Tactic in High-Profile Breaches"

Hackers are increasingly using social engineering attacks to gain access to corporate credentials and infiltrate large networks. As the use of multi-factor authentication (MFA) continues to grow, a technique called MFA Fatigue is growing more popular. Hackers commonly use stolen employee login credentials when breaching corporate networks to access Virtual Private Networks (VPNs) and the internal network. Threat actors can obtain corporate credentials through various means, including phishing attacks, malware, leaked credentials from data breaches, or purchasing them on the dark web.

As a result, businesses have increasingly enabled MFA to prevent users from logging into a network without first providing additional verification. While threat actors can use various methods to circumvent MFA, most involve stealing cookies via malware or man-in-the-middle phishing attack frameworks such as evilginx2. However, the social engineering technique MFA Fatigue, also known as MFA push spam, is gaining popularity among threat actors because it does not require malware or phishing infrastructure and has proven to be effective in attacks.

When an organization's MFA is set up to use 'push' notifications, a prompt will appear on an employee's mobile device when someone attempts to log in with their credentials. These MFA push notifications prompt the user to confirm the login attempt and will display the location of the login attempt. An MFA Fatigue attack occurs when a threat actor executes a script that repeatedly attempts to log in with stolen credentials, resulting in what appears to be an endless stream of MFA push requests being sent to the account owner's mobile device. The goal is to weaken the target's cybersecurity posture and instill fatigue about MFA prompts. This article continues to discuss the concept of MFA Fatigue and suggestions for mitigating this social engineering technique.
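The stream of push requests described above leaves a recognizable pattern in authentication logs: many denied or unanswered prompts for one account in a short time, sometimes ending in an approval. The following detection sketch is an added example, not taken from the article; the log format, the event names (`push_denied`, `push_timeout`, `push_approved`), the 10-minute window and the threshold of 5 are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<timestamp> <user> <result> <source_ip>" (hypothetical format).
SAMPLE_LOG = """
2022-09-20T02:10:05 alice push_timeout 203.0.113.7
2022-09-20T02:10:40 alice push_denied 203.0.113.7
2022-09-20T02:11:15 alice push_denied 203.0.113.7
2022-09-20T02:12:02 alice push_timeout 203.0.113.7
2022-09-20T02:12:50 alice push_denied 203.0.113.7
2022-09-20T02:13:30 alice push_approved 203.0.113.7
2022-09-20T09:01:00 bob push_timeout 198.51.100.20
2022-09-20T09:01:30 bob push_approved 198.51.100.20
2022-09-20T14:00:00 carol push_denied 192.0.2.44
2022-09-20T14:01:00 carol push_denied 192.0.2.44
2022-09-20T14:02:00 carol push_denied 192.0.2.44
2022-09-20T14:03:00 carol push_denied 192.0.2.44
2022-09-20T14:04:00 carol push_denied 192.0.2.44
"""

FAILED = {"push_denied", "push_timeout"}  # assumed names for unapproved prompts

def detect_push_fatigue(log_text, window=timedelta(minutes=10), threshold=5):
    """Map user -> alert when `threshold` unapproved prompts fall inside `window`."""
    # severity: "medium" = burst seen; "high" = burst followed by an approval.
    recent = defaultdict(deque)  # user -> timestamps of recent unapproved prompts
    alerts = {}
    for line in sorted(l for l in log_text.splitlines() if l.strip()):
        ts_raw, user, result, ip = line.split()
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in FAILED:
            q.append(ts)
            if len(q) >= threshold:
                alerts.setdefault(user, {"severity": "medium", "source_ip": ip})
                alerts[user]["prompts"] = len(q)
        elif result == "push_approved":
            if len(q) >= threshold:
                alerts[user]["severity"] = "high"  # approval right after a burst
            q.clear()
    return alerts

if __name__ == "__main__":
    for user, alert in detect_push_fatigue(SAMPLE_LOG).items():
        print(user, alert)
```

A "high" alert is the case worth paging on, since the session that followed the approval may belong to whoever generated the burst.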

Bleeping Computer reports "MFA Fatigue: Hackers' New Favorite Tactic in High-Profile Breaches"

Submitted by Anonymous on