Preventing Multifactor Authentication (MFA) Fatigue Attacks: Understanding and Solutions

Cybercriminals are finding new ways to bypass Multifactor Authentication (MFA) and gain access to corporate IT systems, posing a real risk to organizations. In the 2022 attack on Uber’s IT systems, hackers used a tactic known as an “MFA fatigue attack” to trick an employee into granting them access.

During the attack, the hackers bombarded an employee with repeated login requests until the employee, out of frustration, approved one. This type of attack exploits human vulnerability rather than relying on high-tech hacking methods, according to cybersecurity expert Anna Collard.

Previously, MFA was considered a foolproof method to protect IT systems from hackers. However, attackers are now finding ways around it by bombarding victims with scores of MFA requests or by tricking them over the phone. This social engineering technique is simple yet effective in manipulating users into approving fraudulent access attempts.
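
The bombardment described above leaves a recognisable trace in authentication logs: a run of rejected or ignored push prompts for one account, sometimes ending in an approval. The following Python code is an added example, not part of the original article, that flags that pattern. The event format, the result labels, the 10-minute window and the threshold of 5 are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, push-prompt result.
SAMPLE_EVENTS = [
    ("2024-01-10T02:14:05", "alice", "denied"),
    ("2024-01-10T02:14:40", "alice", "timeout"),
    ("2024-01-10T02:15:10", "alice", "denied"),
    ("2024-01-10T02:15:55", "alice", "denied"),
    ("2024-01-10T02:16:30", "alice", "timeout"),
    ("2024-01-10T02:17:02", "alice", "approved"),
    ("2024-01-10T09:00:00", "bob", "approved"),
    ("2024-01-10T09:30:00", "carol", "denied"),
    ("2024-01-10T13:00:00", "carol", "approved"),
]

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed: unapproved prompts that count as a burst


def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for users who receive a burst of unapproved push prompts.

    Severity is "high" when an approval lands right after the burst, i.e. the
    user appears to have given in after repeated requests.
    """
    recent = defaultdict(deque)   # user -> timestamps of denied/timed-out prompts
    alerts = []
    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:       # alert once when the burst is reached
                alerts.append({"user": user, "time": ts_raw,
                               "severity": "medium", "unapproved": len(q)})
        elif result == "approved":
            if len(q) >= threshold:       # approval directly after a burst
                alerts.append({"user": user, "time": ts_raw,
                               "severity": "high", "unapproved": len(q)})
            q.clear()                     # a successful login resets the count
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A "high" alert is the case worth acting on first, since it means a session was granted at the end of the burst.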

To prevent MFA fatigue attacks, Collard recommends disabling push notifications and using alternative verification methods such as number matching or challenge-response. FIDO2, an open authentication standard that allows users to log in without passwords, is also an effective verification method.

Collard emphasizes the importance of mindfulness in dealing with cybersecurity threats, urging users to remain calm and mindful rather than reacting emotionally. By staying tuned into their body’s responses and not responding in a knee-jerk fashion, users can thwart potential data breaches.

Overall, organizations must stay vigilant and implement robust security measures to protect against evolving cyber threats and safeguard their sensitive information.
