Unveiling MFA Fatigue: A New Threat Landscape

As the technological landscape continues to evolve and additional security measures are implemented, malicious actors are also working hard to employ stronger and more realistic hacking techniques to steal information and break into systems.

Dimitry and Alek, part of a nationwide group of IT experts, have seen it firsthand. Every Managed Service Provider in their group has encountered a scenario where a client fell victim to a deceptively simple yet devastating attack known as 'MFA Fatigue.'

In this article, Infiniwiz aims to shed light on this emerging social engineering attack. If you ever encounter this attack, the hacker has likely already gained access to your confidential information, more specifically, your login credentials.

What is MFA Fatigue?

Malicious actors are aware that users are accustomed to notifications and accepting push requests on their mobile phones to either approve or deny access to a mailbox, server, or software. Sometimes, without even thinking, we may mindlessly press "approve" or "allow," assuming it's a routine action, thus inadvertently granting access to sensitive information or compromising security measures.

Therefore, the attacker will repeatedly send out MFA requests until the end user gives in and accepts the request to stop receiving the notifications.

It is important to note that malicious actors leverage this tactic against users who utilize authentication applications rather than receiving verification codes via text. With these applications, users are prompted with a simple "approve" or "deny" notification on their phones when attempting to log in somewhere. This notification can quickly become a source of annoyance. As a result, users may unwittingly grant access to sensitive information or compromise security measures.

Users may approve the request for multiple reasons. One is that they may think that the application is broken or experience issues. One may also believe the company's IT guys may be working on something. Additionally, if the 2FA notification keeps popping up, a user may approve it and just get rid of it because they are in the middle of working on something on their device.

What's worse about this attack?

If a user is prompted with these pop-ups, it indicates that the hacker has already compromised the credentials of a specific program. Once the correct credentials are entered, all the attackers need is for the user to approve the MFA request. Consequently, the success of hackers gaining unauthorized access to a program is ultimately in the user's hands.

So, what should a user do if they are receiving these pop-ups?

If users repeatedly receive pop-up requests for MFA approval, they should immediately contact their IT department. This is imperative because the appearance of these pop-ups indicates that the hackers have likely breached one's credentials, bypassing the initial password security measure.

By contacting the IT department, users can alert the relevant personnel about the security breach and take swift action to mitigate any potential damage. Additionally, users should remain vigilant and cautious when interacting with MFA requests in the future. Some platforms, like Microsoft, have introduced enhanced MFA methods that require users to enter a temporary two-digit number displayed on the login page into the app rather than simply clicking "approve."

This adds an extra layer of security by ensuring that users are actively engaged in the authentication process and are less susceptible to mindlessly approving fraudulent access attempts. While these advancements improve security measures, users should always stay informed about emerging threats and best practices to safeguard their accounts and sensitive information.