MFA bombing taken to the next level | Malware


Simply put, MFA bombing (also known as “push bombing” or “MFA fatigue”) is a brute force attack on your patience. Cybercriminals use MFA bombing to break into accounts that are protected by multi-factor authentication (MFA).

MFA normally requires a user to enter a six-digit code sent by SMS, or generated by an app, or to respond to a push notification, when they enter a username and password. It provides an enormous increase in security and makes life much harder for criminals.

Because it’s so hard to break, criminals have taken to getting users to defeat their own MFA. They do this by using stolen credentials to try logging in, or by trying to reset a user’s password over and over again. In both cases this bombards the user with push notifications asking them to approve the login, or messages asking them to change their password. By doing this, the criminals hope that users will either tap the wrong option or get so fed up they just do whatever the messages are asking them to do, just to make the bombardment stop.
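One way a defender could spot this pattern in authentication logs, as an added example that is not part of the original article: it counts denied or ignored prompts per user in a sliding window and flags any approval that follows such a burst. The log format, the field names, the 10-minute window and the threshold of 5 are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, prompt type, outcome.
SAMPLE_LOG = """\
2024-01-01T09:00:00Z alice password_reset denied
2024-01-01T09:00:30Z alice password_reset denied
2024-01-01T09:01:00Z alice mfa_push denied
2024-01-01T09:01:30Z alice mfa_push timeout
2024-01-01T09:02:00Z alice mfa_push denied
2024-01-01T09:02:30Z alice mfa_push denied
2024-01-01T09:03:00Z alice mfa_push approved
2024-01-01T09:00:10Z bob mfa_push denied
2024-01-01T10:30:00Z bob mfa_push approved
"""

def parse(line):
    """Split one constructed log line into (time, user, prompt, outcome)."""
    ts, user, prompt, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, prompt, outcome

def detect_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users bombarded with prompts, and approvals that follow a burst."""
    rejected = defaultdict(deque)  # user -> times of denied/ignored prompts
    bursting = set()               # users already alerted for the current burst
    alerts = []
    for ts, user, _prompt, outcome in sorted(events):
        q = rejected[user]
        while q and ts - q[0] > window:  # drop prompts outside the window
            q.popleft()
        if len(q) < threshold:
            bursting.discard(user)
        if outcome in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold and user not in bursting:
                bursting.add(user)
                alerts.append((user, ts, "prompt_burst"))
        elif outcome == "approved":
            # An approval right after many rejections is the fatigue outcome.
            if len(q) >= threshold:
                alerts.append((user, ts, "approved_after_burst"))
            q.clear()
            bursting.discard(user)
    return alerts

if __name__ == "__main__":
    for alert in detect_fatigue(parse(l) for l in SAMPLE_LOG.splitlines()):
        print(alert)
```

An `approved_after_burst` alert is the one to act on first, since it means a prompt was accepted right after a run of rejections.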

Now, according to this blog by Brian Krebs, these attacks have evolved. If you can withstand the pressure of the constant notifications, the criminals will call you pretending to come to your rescue.

In one example Krebs writes about, criminals flooded a target’s phone with password reset notifications for their Apple ID. Each notification required the user to choose either “Allow” or “Don’t Allow” before they could go back to using their device.

After withstanding the temptation to click “Allow”, and declining “100-plus” notifications, the victim received a call from a spoofed number pretending to be Apple Support.

The call was designed to get the victim to trigger a password reset, and then to hand…
