One Article Review

Source ProofPoint
Identifier 8415409
Publication date 2023-11-21 08:35:02 (seen: 2023-11-21 15:07:24)
Title Preventing MFA Fatigue Attacks: Safeguarding Your Organization
Text Gaining access to critical systems and stealing sensitive data are top objectives for most cybercriminals. Social engineering and phishing are powerful tools to help them achieve both. That's why multifactor authentication (MFA) has become such an important security measure for businesses and users. Without MFA as part of the user authentication process, it is much less challenging for an attacker with stolen credentials to authenticate a user's account.

The primary goal of MFA is to reduce the risk of unauthorized access, especially in situations where passwords alone may not provide enough protection. Even if an attacker steals a user's password, with MFA they still need the second factor (and maybe others) to gain access to an account. Examples of MFA factors include biometrics, like fingerprints, and signals from user devices, like GPS location.

MFA isn't a perfect solution, though; it can be bypassed. Adversaries are relentless in their efforts to undermine any security defenses standing in the way of their success. (The evolution of phish kits for stealing MFA tokens is evidence of that.) But sometimes, attackers will choose to take an in-your-face approach that is not very creative or technical. MFA fatigue attacks fall into that category.

What are MFA fatigue attacks, and how do they work?

MFA fatigue attacks, also known as MFA bombing or MFA spamming, are a form of social engineering. They are designed to wear down a user's patience so that they will accept an MFA request out of frustration or annoyance, and thus enable an attacker to access their account or device.

Many people encounter MFA requests daily, or even multiple times per day, as they sign in to various apps, sites, systems and platforms. Receiving MFA requests via email, phone or other devices as part of that process is a routine occurrence.

So, it is logical for a user to assume that if they receive a push notification from an account that they know requires MFA, it is a legitimate request. And if they are very busy at the time that they receive several push notifications in quick succession to authenticate an account, they may be even more inclined to accept a request without scrutinizing it.

Here's an overview of how an MFA attack works:

A malicious actor obtains the username and password of their target. They can achieve this in various ways, from password-cracking tactics like brute-force attacks to targeted phishing attacks to purchasing stolen credentials on the dark web.

The attacker then starts to send MFA notifications to the user continuously, usually via automation, until that individual feels overwhelmed and approves the login attempt just to make the requests stop. (Usually, the push notifications from MFA solutions require the user to simply click a “yes” button to authenticate from the registered device or email account.)

Once the attacker has unauthorized access to the account, they can steal sensitive data, install malware and do other mischief, including impersonating the user they have compromised, taking their actions as far as they can or want to go.

3 examples of successful MFA fatigue attacks

To help your users understand the risk of these attacks, you may want to include some real-world examples in your security awareness program on this topic. Here are three notable incidents, which are all associated with the same threat actor:

Uber. In September 2022, Uber reported that an attacker affiliated with the threat actor group Lapsus$ had compromised a contractor's account. The attacker may have purchased corporate account credentials on the dark web, Uber said in a security update. The contractor received several MFA notifications as the attacker tried to access the account, and eventually accepted one. After the attacker logged in to the account, they proceeded to access other accounts, achieving privilege escalation. One action the attacker took was to reconfigure Uber's OpenDNS to display a graphic image on some of the company's internal sites.

Cisco. Cisco suffer
Sent Yes
Tags Ransomware Data Breach Malware Tool Threat Technical
Stories Uber
Rating ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.