In the wild, highly motivated and known threat actors are actively using this kind of method to penetrate Office 365 accounts and compromise entire organizations.
Our team has also observed a significant increase in the number of attacks performed using this technique. GoSecure Titan Labs identified new threat vectors using MFA Fatigue attacks based on recent investigations. We’ll describe what MFA fatigue is, how it is carried out and detail the steps for IT professionals to detect and mitigate it within their organizations. In this case, we are examining MFA Fatigue by focusing on a current attack vector-Push Notification Spamming. And while the intent of these methods is to provide extra protection, attackers have also begun to look for ways to compromise what should be a security enhancing practice. There are many MFA options including SMS, One Time Passwords (OTP) and push notifications from an app. As a second form of protection, along with passwords, it supplies another step in the process to verify the real identity of the user trying to log in. Multi-factor Authentication or MFA (sometimes referred as 2FA) is an excellent way to protect your Office 365 accounts from attackers trying to gain access to them.
0 kommentar(er)
