What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-11-21 08:35:02 | Prévenir les attaques de fatigue du MFA: sauvegarder votre organisation Preventing MFA Fatigue Attacks: Safeguarding Your Organization (lien direct) |
Gaining access to critical systems and stealing sensitive data are top objectives for most cybercriminals. Social engineering and phishing are powerful tools to help them achieve both. That\'s why multifactor authentication (MFA) has become such an important security measure for businesses and users. Without MFA as part of the user authentication process, it is much less challenging for an attacker with stolen credentials to authenticate a user\'s account. The primary goal of MFA is to reduce the risk of unauthorized access, especially in situations where passwords alone may not provide enough protection. Even if an attacker steals a user\'s password, with MFA they still need the second factor (and maybe others) to gain access to an account. Examples of MFA factors include biometrics, like fingerprints, and signals from user devices, like GPS location. MFA isn\'t a perfect solution, though-it can be bypassed. Adversaries are relentless in their efforts to undermine any security defenses standing in the way of their success. (The evolution of phish kits for stealing MFA tokens is evidence of that.) But sometimes, attackers will choose to take an in-your-face approach that is not very creative or technical. MFA fatigue attacks fall into that category. What are MFA fatigue attacks-and how do they work? MFA fatigue attacks, also known as MFA bombing or MFA spamming, are a form of social engineering. They are designed to wear down a user\'s patience so that they will accept an MFA request out of frustration or annoyance-and thus enable an attacker to access their account or device. Many people encounter MFA requests daily, or even multiple times per day, as they sign-in to various apps, sites, systems and platforms. Receiving MFA requests via email, phone or other devices as part of that process is a routine occurrence. So, it is logical for a user to assume that if they receive a push notification from an account that they know requires MFA, it is a legitimate request. And if they are very busy at the time that they receive several push notifications in quick succession to authenticate an account, they may be even more inclined to accept a request without scrutinizing it. Here\'s an overview of how an MFA attack works: A malicious actor obtains the username and password of their target. They can achieve this in various ways, from password-cracking tactics like brute-force attacks to targeted phishing attacks to purchasing stolen credentials on the dark web. The attacker then starts to send MFA notifications to the user continuously, usually via automation, until that individual feels overwhelmed and approves the login attempt just to make the requests stop. (Usually, the push notifications from MFA solutions require the user to simply click a “yes” button to authenticate from the registered device or email account.) Once the attacker has unauthorized access to the account, they can steal sensitive data, install malware and do other mischief, including impersonating the user they have compromised-taking their actions as far as they can or want to go. 3 examples of successful MFA fatigue attacks To help your users understand the risk of these attacks, you may want to include some real-world examples in your security awareness program on this topic. Here are three notable incidents, which are all associated with the same threat actor: Uber. In September 2022, Uber reported that an attacker affiliated with the threat actor group Lapsus$ had compromised a contractor\'s account. The attacker may have purchased corporate account credentials on the dark web, Uber said in a security update. The contractor received several MFA notifications as the attacker tried to access the account-and eventually accepted one. After the attacker logged in to the account, they proceeded to access other accounts, achieving privilege escalation. One action the attacker took was to reconfigure Uber\'s OpenDNS to display a graphic image on some of the company\'s internal sites. Cisco. Cisco suffer | Ransomware Data Breach Malware Tool Threat Technical | Uber | ★★★ |
1
We have: 1 articles.
We have: 1 articles.
To see everything:
Our RSS (filtrered)
