New Attacks Target Multi-Factor Authentication


Microsoft, Cisco and Uber are among the companies hit by this new threat…


An article review. 


As more organizations adopt multi-factor authentication to help safeguard their systems, hackers have adapted, and several major corporations have been among those hit by this new style of attack. This new technique, called MFA Fatigue or Push Spamming, involves sending numerous fraudulent push notifications to a target in the hopes that they will inadvertently accept one. It has recently been seen at organizations including Microsoft, Cisco and Uber.

While avoiding these kinds of attacks can be as simple as not accepting unexpected push notifications, experts suggest disabling push notifications entirely. If that is not possible, both Duo and Microsoft offer “verified push” options in their authenticators, which require the user to match a number displayed on their screen with one in the push notification. It should also be noted that a Push Spamming attack at Cloudflare was mitigated by their use of hardware security keys, though this technology may present compatibility issues with some services. Finally, it is important to remember that while these attacks are concerning, a properly implemented multi-factor authentication system should still be considered an important part of securing your organization’s systems.
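For teams that keep push notifications enabled, the pattern described above (a burst of prompts, then an acceptance) can be watched for in authentication logs. The following is an added example, not taken from the original article or from any vendor: the log format, the result names (`denied`, `timeout`, `approved`), the 10-minute window and the threshold of 4 are all assumptions to adapt to your own MFA provider's logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from any real authenticator log):
# ISO timestamp, user, result of the push prompt.
SAMPLE_EVENTS = """\
2023-01-10T02:14:05 alice denied
2023-01-10T02:14:40 alice timeout
2023-01-10T02:15:10 alice denied
2023-01-10T02:15:55 alice timeout
2023-01-10T02:16:30 alice approved
2023-01-10T08:59:58 bob approved
2023-01-10T09:30:00 carol denied
2023-01-10T13:02:11 carol approved
"""

def parse(lines):
    """Yield (timestamp, user, result) tuples from the assumed log format."""
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def find_push_spam(events, window=timedelta(minutes=10), threshold=4):
    """Return alerts for users who receive `threshold` or more push prompts
    inside `window`. Severity is 'high' when the burst ends in an approval
    preceded by rejected or ignored prompts (the user may have given in)."""
    recent = defaultdict(deque)   # user -> deque of (timestamp, result)
    alerts = []
    for ts, user, result in sorted(events):
        q = recent[user]
        q.append((ts, result))
        while q and ts - q[0][0] > window:   # drop prompts outside the window
            q.popleft()
        if len(q) >= threshold:
            rejected = sum(1 for _, r in q if r in ("denied", "timeout"))
            if result == "approved" and rejected:
                alerts.append((user, ts, len(q), "high"))
                q.clear()                    # start fresh after escalating
            elif len(q) == threshold:        # alert once when the burst starts
                alerts.append((user, ts, len(q), "medium"))
    return alerts

if __name__ == "__main__":
    for alert in find_push_spam(parse(SAMPLE_EVENTS)):
        print(alert)
```

A "high" alert is the case worth treating as a possible account compromise: the session that was approved should be reviewed and the user contacted.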


Original article by Lawrence Abrams writing for Bleeping Computer.

