
Multi-factor Authentication or MFA (sometimes referred to as 2FA) is an excellent way to protect your Office 365 accounts from attackers trying to gain access to them. As a second form of protection, along with passwords, it supplies another step in the process to verify the real identity of the user trying to log in. There are many MFA options including SMS, One Time Passwords (OTP) and push notifications from an app. And while the intent of these methods is to provide extra protection, attackers have also begun to look for ways to compromise what should be a security-enhancing practice. In this case, we are examining MFA Fatigue by focusing on a current attack vector: Push Notification Spamming.

We'll describe what MFA fatigue is, how it is carried out, and detail the steps for IT professionals to detect and mitigate it within their organizations. GoSecure Titan Labs identified new threat vectors using MFA Fatigue attacks based on recent investigations. Our team has also observed a significant increase in the number of attacks performed using this technique. In the wild, highly motivated and known threat actors are actively using this kind of method to penetrate Office 365 accounts and compromise entire organizations. As app-based authentication mechanisms are increasingly being adopted as a safer way to authenticate a user (versus SMS or phone call), it is expected that this tendency will grow in the future, and even be encouraged by Microsoft itself.

The term "MFA Fatigue" refers to the overload of notifications or prompts via MFA applications, across multiple accounts, that the user receives during the day to perform logins or approve different actions. It should not be confused with "Password Fatigue", in which the user is overwhelmed by the number of passwords or PINs they must remember for multiple accounts or events. MFA Fatigue and Password Fatigue do share a similar theme: the user is "fatigued" (or overwhelmed by volume) and will start setting security best practices aside and become careless, putting their organization and their accounts in danger of compromise.

As previously mentioned, MFA can use a diverse set of mediums to authenticate the user, such as SMS messages or phone calls, where the user authenticates their identity via a pre-configured phone number. One Time Password or OTP is another way to verify the user's identity by generating a passcode that is updated at fixed time intervals. Another choice is push notifications from an app. This is the authentication method we are going to be focusing on, as it enables an attacker to perform a push notification spamming attack.

This technique is simple as it only requires the attacker to manually, or even automatically, send repeated push notifications while trying to log into the victim's account. The credentials used could be obtained via brute forcing, password reuse or spraying.
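Detection logic for the push notification spamming pattern this post describes, as an added example that is not from the GoSecure post: it groups constructed push-prompt events by account and source IP, flags any pair that receives at least five prompts inside a ten-minute window, and records whether an approval followed the burst (the signal that the user eventually gave in). The events are constructed, not real logs, and the field names `ts`, `user`, `ip` and `result` are assumptions to be mapped onto your identity provider's sign-in log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _ev(ts, user, ip, result):
    return {"ts": ts, "user": user, "ip": ip, "result": result}


# Constructed sample of MFA push-prompt events (not real log data). Field names
# are assumptions; map them to the sign-in log schema of your identity provider.
EVENTS = [
    _ev("2023-03-01T08:00:05", "alice@example.com", "203.0.113.7", "denied"),
    _ev("2023-03-01T08:00:40", "alice@example.com", "203.0.113.7", "timeout"),
    _ev("2023-03-01T08:01:10", "alice@example.com", "203.0.113.7", "denied"),
    _ev("2023-03-01T08:01:55", "alice@example.com", "203.0.113.7", "timeout"),
    _ev("2023-03-01T08:02:30", "alice@example.com", "203.0.113.7", "denied"),
    _ev("2023-03-01T08:03:12", "alice@example.com", "203.0.113.7", "approved"),
    _ev("2023-03-01T09:15:00", "bob@example.com", "198.51.100.20", "approved"),
    _ev("2023-03-01T13:40:00", "bob@example.com", "198.51.100.20", "approved"),
]


def detect_push_spam(events, window_minutes=10, threshold=5):
    """Flag (user, ip) pairs that receive >= threshold push prompts within a
    sliding window. Legitimate logins produce one or two prompts; a burst of
    prompts from one source, especially one ending in an approval, matches the
    repeated-push pattern of an MFA fatigue attempt."""
    grouped = defaultdict(list)
    for e in events:
        grouped[(e["user"], e["ip"])].append((datetime.fromisoformat(e["ts"]), e["result"]))
    window = timedelta(minutes=window_minutes)
    alerts = {}
    for key, rows in grouped.items():
        rows.sort()  # oldest first, so the window can slide forward
        start = 0
        for end, (ts, _) in enumerate(rows):
            while ts - rows[start][0] > window:  # drop prompts older than the window
                start += 1
            if end - start + 1 >= threshold:
                approved = any(r == "approved" for _, r in rows[start:])
                alerts[key] = {"prompts": end - start + 1, "approved_after_burst": approved}
    return alerts


if __name__ == "__main__":
    for (user, ip), info in detect_push_spam(EVENTS).items():
        print(f"ALERT {user} from {ip}: {info['prompts']} prompts, approved={info['approved_after_burst']}")
```

In practice, alert on any burst and treat a burst followed by an approval as a likely compromise to investigate immediately.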
