MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
2022-09-20 10:30

An MFA Fatigue attack is when a threat actor runs a script that attempts to log in with stolen credentials over and over, causing what feels like an endless stream of MFA push requests to be sent to the account owner's mobile device.

A demonstration of an MFA Fatigue attack, or MFA spam, can be seen in this YouTube video created by cybersecurity support company Reformed IT. In many cases, the threat actors will push out repeated MFA notifications and then contact the target through email, messaging platforms, or over the phone, pretending to be IT support to convince the user to accept the MFA prompt.

If you are an employee who is the target of an MFA Fatigue/Spam attack, and you receive an endless wave of MFA push notifications, do not panic, do not approve the MFA request, and do not talk to unknown people claiming to be from your organization.

Azure AD provides a risk level for every login, and login attempts that show risk in conjunction with simple-approval MFA methods should be investigated to rule out an MFA fatigue attack.
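
The investigation described above can be automated as a burst check over sign-in events. The following is an added example, not code from the original article or from Microsoft: it flags users who receive many push prompts in a short window and raises the severity when the burst carries sign-in risk or ends in an approval. The event tuples, their field layout, the 10-minute window and the threshold of 4 prompts are assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (time, user, MFA method, MFA result, sign-in risk).
# Field layout and values are illustrative, not a real log schema.
EVENTS = [
    ("2022-09-20T02:10:05", "alice", "push", "denied", "medium"),
    ("2022-09-20T02:10:40", "alice", "push", "timeout", "medium"),
    ("2022-09-20T02:11:15", "alice", "push", "denied", "medium"),
    ("2022-09-20T02:12:02", "alice", "push", "timeout", "high"),
    ("2022-09-20T02:13:30", "alice", "push", "approved", "high"),
    ("2022-09-20T09:00:00", "bob", "push", "approved", "none"),
    ("2022-09-20T13:00:00", "bob", "push", "approved", "none"),
    ("2022-09-20T03:00:00", "carol", "push", "denied", "none"),
    ("2022-09-20T03:01:00", "carol", "push", "denied", "none"),
    ("2022-09-20T03:02:00", "carol", "push", "timeout", "none"),
    ("2022-09-20T03:03:00", "carol", "push", "denied", "none"),
    ("2022-09-20T03:04:00", "dave", "otp", "denied", "high"),
]

SEVERITY = ["medium", "high", "critical"]

def find_mfa_fatigue(events, window=timedelta(minutes=10), threshold=4):
    """Flag users with >= threshold push prompts inside a sliding time window."""
    by_user = defaultdict(list)
    for ts, user, method, result, risk in events:
        if method == "push":  # only simple-approval prompts can be spammed
            by_user[user].append((datetime.fromisoformat(ts), result, risk))
    findings = {}
    for user, rows in by_user.items():
        rows.sort()
        start = 0
        for end, (when, result, _) in enumerate(rows):
            while when - rows[start][0] > window:
                start += 1  # slide the window forward
            burst = rows[start:end + 1]
            unanswered = [r for r in burst[:-1] if r[1] != "approved"]
            if len(burst) < threshold:
                continue
            if result == "approved" and len(unanswered) >= threshold - 1:
                level = "critical"  # user gave in after a run of rejected prompts
            elif any(r[2] != "none" for r in burst):
                level = "high"      # burst coincides with a risky sign-in
            else:
                level = "medium"    # burst alone still merits a look
            prev = findings.get(user, "medium")
            findings[user] = max(prev, level, key=SEVERITY.index)
    return findings
```

On the constructed events, `find_mfa_fatigue(EVENTS)` rates alice as critical and carol as medium, while bob's widely spaced approvals and dave's OTP failure are not flagged.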

Shay Nahari, CyberArk VP of Red Team Services, also provided tips on strengthening MFA and preventing MFA Fatigue.

"As part of my team's adversary simulation exercises, we look at different types of detections including hard indicators of compromise. Hard IOCs are fundamental to a specific attack. In the case of MFA Fatigue, the attacker already has access to credentials and needs to solicit the user to approve the MFA notification in order to gain access. If an organization is successful in blocking MFA Fatigue, the attacker will be forced to choose another attack path. The OTP configuration can make the user less susceptible to this type of attack and significantly reduce risk."


News URL

https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/