The recently discovered MFA Fatigue attack targets corporations

September 28, 2022

A new social engineering tactic, “MFA Fatigue,” has been gaining prominence across the cybercriminal landscape as more threat actors employ it. Researchers stated that this social engineering method was created exclusively for targeting corporate credentials and breaching network security.

Multiple threat groups have recently started utilising MFA Fatigue in their campaigns against different entities. In these attacks, a threat actor runs a script that repeatedly logs in with previously stolen credentials, so that frequent MFA push requests are sent to the account owner’s device.

Moreover, the attackers commonly sustain the attack for an extended period so that the target grows fatigued or irritated by the MFA prompts. This technique eventually leads to the breakdown of the targeted cybersecurity solution.

In most cases, the threat actors push numerous MFA notifications and contact the target through various messaging platforms, mobile phones, or emails. They usually pretend to be IT support to deceive the user into accepting the MFA request.

However, this attack relies heavily on the carelessness of the target, since the threat actors want their victims to approve the MFA request unintentionally. This is why they bombard their target with numerous MFA requests, hence the name MFA Fatigue.

This newly devised strategy has been very effective for the threat actors, since it requires neither phishing infrastructure nor malware.

Two of the most notorious threat actors have started employing MFA Fatigue in their attacks.

Recent reports revealed that the tactic has been adopted by two notorious threat groups called Lapsus$ and Yanluowang. Both groups have breached organisations using the new social engineering tactic.

The Yanluowang group accessed the Cisco VPN through a compromised Google account, believed to have been taken over using MFA Fatigue. For the Lapsus$ group, the researchers thought that the new tactic was also behind the illegal intrusion into the Uber account.

Cybersecurity experts explained that MFA prompts should be approved cautiously. If this technique targets an employee, it is better to address the issue calmly, as the threat actors cannot do anything if the request is not approved.

Lastly, contacting IT administrators or supervisors is the most proactive way of defending against such attacks.
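For administrators on the receiving end of such reports, the pattern described above (a burst of push requests to one account, sometimes ending in an approval) can be flagged from authentication logs. The sketch below is an added example, not from the original article; the log format, result names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed format: "<ISO timestamp> <user> <result>"
SAMPLE_LOG = """\
2022-09-28T01:00:05 alice push_denied
2022-09-28T01:00:50 alice push_timeout
2022-09-28T01:01:30 alice push_denied
2022-09-28T01:02:10 alice push_denied
2022-09-28T01:03:00 alice push_timeout
2022-09-28T01:03:40 alice push_denied
2022-09-28T01:04:20 alice push_approved
2022-09-28T09:15:00 bob push_denied
2022-09-28T09:15:40 bob push_approved
2022-09-28T10:00:00 carol push_denied
2022-09-28T12:00:00 carol push_denied
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of unapproved pushes that is abnormal

def detect_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, timestamp, kind, count) alerts for MFA push bursts."""
    recent = defaultdict(deque)  # user -> times of recent denied/timed-out pushes
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, result = line.split()
        ts = datetime.fromisoformat(stamp)
        pending = recent[user]
        while pending and ts - pending[0] > window:  # drop events outside the window
            pending.popleft()
        if result in ("push_denied", "push_timeout"):
            pending.append(ts)
            if len(pending) == threshold:  # alert once, when the burst crosses the threshold
                alerts.append((user, ts, "push_burst", len(pending)))
        elif result == "push_approved":
            # An approval right after a burst is the outcome the attacker is waiting for.
            if len(pending) >= threshold:
                alerts.append((user, ts, "approved_after_burst", len(pending)))
            pending.clear()
    return alerts

if __name__ == "__main__":
    for user, ts, kind, count in detect_fatigue(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {kind} ({count} unapproved pushes in window)")
```

Because the prompts are triggered by logins with stolen credentials, a `push_burst` alert warrants a password reset for that account even when no prompt was approved.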
