Multifactor Authentication Fatigue or Push Bombing Attacks: A Growing Cyber Threat
Cyber attackers are increasingly using a technique known as multifactor authentication (MFA) fatigue or push bombing. This involves repeatedly sending second-factor authentication requests to a target’s registered devices, such as phone apps or emails, in hopes that the victim will eventually approve one.
This attack requires the user’s credentials, which can often be found on the dark web from previous compromises or phishing attacks. It’s crucial for users to be aware of these tactics to prevent attackers from bypassing the final layer of defense after passwords have been exposed.
These attacks have led to ransomware incidents where sensitive data is encrypted and held for ransom. The attacks have also led to successful compromises of consumers' financial services, retirement, and investment accounts.
Key Recommendations:
- Do not approve unexpected MFA requests.
- Notify the IT security team responsible for the specific system being targeted.
- If you fall victim to such an attack, it’s likely your password and username have been compromised. A password reset is required.
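A security team that receives such reports can look for the same pattern in its MFA logs. The following is an added example, not part of the original article: it flags users who receive many push prompts in a short window and marks bursts during which a prompt was approved. The event format, the threshold of 5 prompts, and the 10-minute window are assumptions to tune for a real environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, prompt result).
# This is an assumed format, not any specific MFA provider's log schema.
SAMPLE_EVENTS = [
    ("2024-05-01T02:10:00", "alice", "denied"),
    ("2024-05-01T02:10:40", "alice", "timeout"),
    ("2024-05-01T02:11:30", "alice", "denied"),
    ("2024-05-01T02:12:10", "alice", "timeout"),
    ("2024-05-01T02:13:00", "alice", "denied"),
    ("2024-05-01T02:14:20", "alice", "approved"),   # approval during the burst
    ("2024-05-01T03:00:00", "carol", "denied"),
    ("2024-05-01T03:02:00", "carol", "denied"),
    ("2024-05-01T03:04:00", "carol", "denied"),
    ("2024-05-01T03:06:00", "carol", "denied"),
    ("2024-05-01T03:08:00", "carol", "denied"),
    ("2024-05-01T09:00:00", "bob", "approved"),     # normal sign-ins
    ("2024-05-01T17:30:00", "bob", "approved"),
]


def find_push_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per user who received at least `threshold` push
    prompts within `window`. `approved_after_burst` is True when a prompt
    was approved while the burst was active, which suggests the account
    should be treated as compromised and the password reset."""
    recent = defaultdict(deque)   # user -> timestamps inside the sliding window
    alerts = {}
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:          # drop prompts older than the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(user, {
                "user": user, "first_seen": q[0],
                "max_prompts": 0, "approved_after_burst": False,
            })
            alert["max_prompts"] = max(alert["max_prompts"], len(q))
            if result == "approved":
                alert["approved_after_burst"] = True
    return list(alerts.values())


if __name__ == "__main__":
    for a in find_push_bursts(SAMPLE_EVENTS):
        print(a)
```
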