Legal Operations » MFA Fatigue Is Becoming More Popular with Threat Actors

MFA Fatigue Is Becoming More Popular with Threat Actors


November 3, 2022

More and more, hackers are using social engineering attacks to gain access to corporate credentials and breach large networks. One of the techniques used is MFA Fatigue, which has become more widespread with the rise of multi-factor authentication. Although threat actors can use numerous methods to bypass multi-factor authentication, MFA Fatigue, or MFA push spam, has proven to be a success when breaching organizations such as MicrosoftCisco, and now Uber.

When an organization’s multi-factor authentication is configured to use ‘push’ notifications, employees see a prompt on their mobile devices when someone tries to log in with their credentials. An MFA Fatigue attack occurs when a threat actor runs a script that attempts to log in with stolen credentials over and over, night and day, to break down the target’s cybersecurity and inflict a sense of “fatigue” on the MFA prompts. Security professionals have suggested disabling MFA push notifications, limiting the number of MFA authentication requests per user and moving to FIDO hardware security keys to secure logins. Microsoft, Oktai, and Cyberark have made recommendations that include organizations going passwordless, setting thresholds and trigger alarms to the security operations center, and blocking user authentication from suspicious IP addresses.

Share this post:

Find this article interesting?

Sign up for more with a complimentary subscription to Today’s General Counsel magazine.