🫠 Social Engineering. MFA-fatigue (MFA Fatigue).
• MFA Fatigue is a social engineering method attackers use to bypass multi-factor authentication: they send an endless stream of push requests to the account owner's mobile device. If the victim accepts one of the requests, the attacker's login succeeds.
• In an MFA Fatigue attack, the attacker runs a script that repeatedly attempts to log in with compromised usernames and passwords. The key point is that the login attempts never stop, so the victim's device receives an endless flood of push notifications.
• The attackers' goal is to keep up the pace for as long as possible until the victim finally "breaks". A visual demonstration is presented in this video.
• If the victim approves the incoming request, the notifications stop and the attacker successfully logs in to the system.
• This technique has proved extremely successful and was used by groups such as Lapsus$ and Yanluowang in the breaches of Microsoft, Cisco and Uber.
• One might assume it is enough for the victim to change the password and that will be the end of it, but look at the situation from the other side: how many employees in a company have nothing to do with IT (let alone information security)? A typical accountant will never guess what such a flood of notifications is about and, sooner or later, will press the "Approve" button.
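A defender-side check for this pattern, added here as an example and not taken from the original post: it scans constructed push-MFA log lines for a burst of unapproved prompts to one user and flags an approval that follows the burst. The log format, field names, window and threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, one per push prompt: "timestamp,user,result".
# Not real logs; the format is assumed for this example.
SAMPLE_LOG = """\
2023-09-10T09:00:01,j.smith,denied
2023-09-10T09:00:12,j.smith,timeout
2023-09-10T09:00:25,j.smith,denied
2023-09-10T09:00:40,j.smith,timeout
2023-09-10T09:01:02,j.smith,denied
2023-09-10T09:01:30,j.smith,approved
2023-09-10T09:05:00,a.lee,approved
2023-09-10T11:00:00,a.lee,denied
"""


def parse_events(text):
    """Turn the CSV-style lines into (timestamp, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split(",")
        events.append((datetime.fromisoformat(ts), user, result))
    return events


def find_mfa_fatigue(events, window=timedelta(minutes=5), threshold=4):
    """Per user, alert when `threshold` or more prompts were denied or timed
    out inside `window`; mark the alert if an approval then follows while the
    burst is still inside the window (the case the post warns about)."""
    by_user = defaultdict(list)
    for ts, user, result in sorted(events):
        by_user[user].append((ts, result))
    alerts = {}
    for user, evs in by_user.items():
        recent = []  # unapproved prompt times still inside the window
        for ts, result in evs:
            recent = [t for t in recent if ts - t <= window]
            if result == "approved":
                if user in alerts and recent:
                    alerts[user]["approved_after_burst"] = True
                continue
            recent.append(ts)
            if len(recent) >= threshold:
                alert = alerts.setdefault(user, {"first_seen": recent[0],
                                                 "prompts": 0,
                                                 "approved_after_burst": False})
                alert["prompts"] = len(recent)
    return alerts
```

An alert with `approved_after_burst` set is the one to treat as a likely account compromise rather than a noisy user.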