How to prevent and protect against an MFA Flood attack

Posted on November 3, 2022 (updated November 15, 2022) by rich
Cyber Security

MFA has become the industry standard for any authentication that grants access to the network from external locations. It’s not uncommon to see articles online stating that “MFA prevents 99% of all credential attacks”. However, cybercriminals are always looking for ways to penetrate their target networks’ defences, and MFA is no exception.

If you’re a business owner, the advice you’ve been given around MFA is likely “even if you gave up your credentials, an attacker still could not log in without your mobile phone”. And, to this day, this is true.

So how exactly can someone bypass your MFA security in your organization?

Well, it’s pretty simple: your users are only human. Think of a time when you were focused on achieving a task on your computer. How often have you clicked “Next” or “OK” without reading the pop-up? This is the psychology that attackers exploit with MFA, and it’s called “MFA Fatigue”. If an attacker has one of your users’ login credentials and attempts to sign in enough times (10, 50, 100 or more), the user’s mobile device pings repeatedly and doesn’t stop. The user naturally hits approve to stop the annoying sound. The less security-conscious user will think it’s just a glitch with the app and think nothing of it.

The result is that an attacker has bypassed two authentication factors and could be anywhere in the world, now with a full copy of your mailbox and an active session on it to do as they please.
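The pattern described above (a burst of push prompts that the user denies or ignores, followed by one that is approved) is visible in the identity provider’s sign-in logs, which is where a defender can catch it. The following is an added example for this post, not the blog author’s code: it runs a simple sliding-window detector over constructed sample log lines. The field names and result strings (`mfa=push`, `result=denied|timeout|approved`) are assumptions for the example and not a real Office 365 or Azure AD log schema; map them to your provider’s own fields before using this against live data.

```python
"""Detect an MFA push flood ("MFA fatigue") in sign-in logs.

Added example, not the blog's own code. The log format below is constructed
for illustration; the field names and result values are assumptions, not a
real identity-provider schema.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: alice is hammered with push prompts and finally approves
# one; bob shows normal behaviour (one approval, one denial).
SAMPLE_LOG = """\
2022-11-03T09:00:01Z user=alice@example.com src=203.0.113.7 mfa=push result=denied
2022-11-03T09:00:20Z user=alice@example.com src=203.0.113.7 mfa=push result=timeout
2022-11-03T09:00:41Z user=alice@example.com src=203.0.113.7 mfa=push result=denied
2022-11-03T09:01:02Z user=alice@example.com src=203.0.113.7 mfa=push result=timeout
2022-11-03T09:01:25Z user=alice@example.com src=203.0.113.7 mfa=push result=denied
2022-11-03T09:01:50Z user=alice@example.com src=203.0.113.7 mfa=push result=approved
2022-11-03T09:05:00Z user=bob@example.com src=198.51.100.4 mfa=push result=approved
2022-11-03T09:07:00Z user=bob@example.com src=198.51.100.4 mfa=push result=denied
"""

FLOOD_THRESHOLD = 5            # unanswered or denied pushes per user ...
WINDOW = timedelta(minutes=5)  # ... within this window = a flood


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict with a 'ts' datetime."""
    ts_str, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_mfa_flood(log_text, threshold=FLOOD_THRESHOLD, window=WINDOW):
    """Return alerts for push floods and for approvals that follow a flood.

    Two alert types are produced:
      mfa_flood            - a user crossed `threshold` denied/timed-out pushes
                             inside `window`
      approval_after_flood - the same user approved a push while the flood
                             was still inside the window (the fatigue success)
    """
    recent = defaultdict(deque)  # user -> timestamps of denied/timed-out pushes
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event.get("mfa") != "push":
            continue
        user, ts = event["user"], event["ts"]
        pending = recent[user]
        # Drop pushes that fell out of the sliding window.
        while pending and ts - pending[0] > window:
            pending.popleft()
        if event["result"] in ("denied", "timeout"):
            pending.append(ts)
            if len(pending) == threshold:  # alert once, on the crossing
                alerts.append({"type": "mfa_flood", "user": user,
                               "src": event["src"], "count": len(pending), "ts": ts})
        elif event["result"] == "approved" and len(pending) >= threshold:
            alerts.append({"type": "approval_after_flood", "user": user,
                           "src": event["src"], "count": len(pending), "ts": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_flood(SAMPLE_LOG):
        print(alert)
```

Running it against the sample produces two alerts for alice: the flood itself at the fifth unanswered push, and the approval that follows it. The second alert is the one worth paging on, since it marks the moment the attacker obtained a session; the first is an early warning that lets you block the source and contact the user before they approve.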

What can we do to protect against this kind of attack?

In cyber security, it is widely known that the weakest link in your security posture is almost always your people. Therefore, it’s critical to ensure that you regularly train and inform your staff of standard IT practices. There are many ways to do this, but I’d recommend making security a part of your company culture, ethics, standards and way of life. Security is everyone’s job, whether you’re the CEO or the cleaner. Everyone is a target.

What can we do to prevent this kind of attack?

This depends on the technical controls you have at your disposal. If your emails are hosted in Office 365, you could leverage Intune to apply conditional access policies for your organisation. Conditional access allows you to configure policies that only allow logins to accounts when specific conditions are met; for example, only allowing sign-ins from the UK, blocking logins that use legacy authentication, or blocking sign-ins from risky IP addresses.
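To show why these conditions matter for the attack above, here is an added example (not the blog’s code and not Microsoft’s Conditional Access engine or policy schema) that evaluates a sign-in against a simplified rule model with the three conditions the post names. The point it demonstrates is that a location, legacy-auth or risky-IP rule is evaluated on the sign-in context, so an attacker abroad who holds the password and even gets a push approved is still refused, whereas a policy that only asks for MFA lets that sign-in through. All names, the legacy-protocol list and the country codes are assumptions made for the example.

```python
"""Simplified Conditional Access style evaluation (added example, not the
real Azure AD policy model). Demonstrates that location / legacy-auth /
risky-IP conditions stop a sign-in even when the MFA push was approved."""
from dataclasses import dataclass, field

# Constructed list of protocols that cannot present MFA (assumption).
LEGACY_PROTOCOLS = {"imap", "pop3", "smtp_auth", "activesync_basic"}


@dataclass
class SignIn:
    user: str
    country: str      # country derived from the source IP (assumption)
    client_app: str   # "browser", "mobile_app" or a legacy protocol name
    source_ip: str
    mfa_approved: bool  # True if the user approved the push prompt


@dataclass
class Policy:
    require_mfa: bool = True
    allowed_countries: set = field(default_factory=set)  # empty = anywhere
    block_legacy_auth: bool = False
    risky_ips: set = field(default_factory=set)          # constructed feed


def evaluate(policy, signin):
    """Return (decision, reasons). Block rules run before the MFA check, so an
    approved push never overrides a failed condition."""
    reasons = []
    if policy.allowed_countries and signin.country not in policy.allowed_countries:
        reasons.append(f"sign-in from {signin.country} is outside the allowed countries")
    if policy.block_legacy_auth and signin.client_app in LEGACY_PROTOCOLS:
        reasons.append(f"legacy protocol {signin.client_app} is blocked")
    if signin.source_ip in policy.risky_ips:
        reasons.append(f"source {signin.source_ip} is on the risky IP list")
    if reasons:
        return "block", reasons
    if policy.require_mfa and not signin.mfa_approved:
        return "block", ["MFA not satisfied"]
    return "allow", []


# Weak policy: MFA only, no conditions (the situation the post describes).
WEAK_POLICY = Policy(require_mfa=True)
# Hardened policy: UK only, legacy auth blocked, known-bad IPs blocked.
HARDENED_POLICY = Policy(require_mfa=True, allowed_countries={"GB"},
                         block_legacy_auth=True, risky_ips={"203.0.113.7"})

# Constructed scenario: attacker abroad with the password, push approved by
# the fatigued user. "XX" is a placeholder non-UK country code.
FATIGUE_SIGNIN = SignIn("alice@example.com", "XX", "browser", "203.0.113.7", True)
# Constructed scenario: the real user at the office.
NORMAL_SIGNIN = SignIn("alice@example.com", "GB", "browser", "192.0.2.10", True)


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "fatigue:", evaluate(policy, FATIGUE_SIGNIN))
        print(name, "normal:", evaluate(policy, NORMAL_SIGNIN))
```

With the weak policy the approved push is all that is checked, so the attacker’s sign-in is allowed; with the hardened policy the same sign-in is blocked on the country and risky-IP conditions, while the user’s normal sign-in from the UK still succeeds.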

Another option is to reconfigure your allowed MFA methods to only accept a PIN, so that the user must type the PIN in manually. This prevents the push flood from happening in the first place. However, it can be a less pleasant user experience to have to open an app, read the number and then type it in.

Tags: Authentication Conditional Access MFA Multi Factor Office 365 Security
