Microsoft Multi-Factor Authentication (MFA), and its most common form, Two-Factor Authentication (2FA), is a security feature that protects your account from hackers. With MFA, users must provide two or more pieces of evidence (factors) to verify their identity before being granted access to their account. The most common MFA options are Short Message Service (SMS) codes, One-Time Passcodes (OTP), and push notifications. These options are meant to make it difficult for hackers to access your account, even if they have your password. However, hackers are now finding 2FA bypass methods that allow them to access your account even when MFA is enabled.
Recent investigations by GoSecure Titan Labs have shown that hackers have found ways to bypass MFA and gain access to Microsoft accounts. Using a technique called “MFA Fatigue,” hackers can access accounts protected by 2FA. By bombarding the user with requests for authentication codes, the hackers trick the user into allowing them access to the account.
2FA Bypass is Happening More Due to MFA Fatigue
MFA fatigue attacks target users with MFA-protected accounts that send “approve sign-in” notifications to their mobile devices. Using stolen credentials, the attacker attempts to sign in to the victim’s account multiple times. This results in the victim receiving multiple MFA notifications on their mobile device.
The attacker will then try to social engineer the victim into approving the sign-in attempt. This can be done by asking the victim to approve the sign-in attempt through an email, phone call, or text message. The victim, out of frustration or inability to tell if the sign-in attempt is legitimate or not, will eventually approve the attempt. Once the sign-in attempt is approved, the attacker can access the victim’s account.
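The burst of rejected or expired push prompts described above, followed by a sudden approval, is the pattern a defender can look for in sign-in logs. The following is an added example, not code from the original article or from GoSecure; the log lines are constructed and their field names (user, time, mfa_result, ip) are an assumed, simplified shape rather than Microsoft's real sign-in log schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log lines (not real Microsoft data). Field names are
# an assumed, simplified shape: user, time (UTC ISO-8601), mfa_result, ip.
SAMPLE_LOG = """
{"user": "alice@example.com", "time": "2023-03-01T08:00:05Z", "mfa_result": "denied", "ip": "203.0.113.7"}
{"user": "alice@example.com", "time": "2023-03-01T08:00:40Z", "mfa_result": "timeout", "ip": "203.0.113.7"}
{"user": "alice@example.com", "time": "2023-03-01T08:01:15Z", "mfa_result": "denied", "ip": "203.0.113.7"}
{"user": "alice@example.com", "time": "2023-03-01T08:01:50Z", "mfa_result": "timeout", "ip": "203.0.113.7"}
{"user": "alice@example.com", "time": "2023-03-01T08:02:30Z", "mfa_result": "approved", "ip": "203.0.113.7"}
{"user": "bob@example.com", "time": "2023-03-01T08:05:00Z", "mfa_result": "denied", "ip": "198.51.100.9"}
{"user": "bob@example.com", "time": "2023-03-01T09:30:00Z", "mfa_result": "approved", "ip": "198.51.100.9"}
"""

UNANSWERED = {"denied", "timeout"}  # prompts the user rejected or let expire

def parse_events(text):
    """Parse one JSON record per line and return the events sorted by time."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["time"])

def detect_mfa_fatigue(events, threshold=3, window=timedelta(minutes=10)):
    """Return {user: verdict} for users with >= threshold unanswered prompts
    inside `window`. 'burst' means the user is being bombarded; 'approved-after-burst'
    means a prompt was accepted right after the burst, the MFA-fatigue success case."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    findings = {}
    for user, evs in by_user.items():
        recent = []        # sliding window of unanswered prompt times
        burst_at = None    # time of the last event that completed a burst
        for e in evs:
            if e["mfa_result"] in UNANSWERED:
                recent.append(e["time"])
                recent = [t for t in recent if e["time"] - t <= window]
                if len(recent) >= threshold:
                    burst_at = e["time"]
                    findings[user] = "burst"
            elif (e["mfa_result"] == "approved" and burst_at is not None
                  and e["time"] - burst_at <= window):
                findings[user] = "approved-after-burst"
    return findings

if __name__ == "__main__":
    for user, verdict in detect_mfa_fatigue(parse_events(SAMPLE_LOG)).items():
        print(f"{user}: {verdict}")
```

An "approved-after-burst" verdict is the one worth paging on, since it marks a session that should be revoked and a credential that should be reset; a plain "burst" is the earlier signal that stolen credentials are in play.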
MFA Fatigue attacks primarily target Microsoft Office 365 users, because a single compromised account can give hackers a foothold in the entire organization. By gaining access to one user’s account, hackers can then target other users in the organization through email phishing attacks. And given that app-based authentication methods are becoming more common, it’s likely that we will see more MFA fatigue attacks in the future.
How Can You Protect Yourself from MFA Fatigue Attacks?
The first step to prevent hackers from finding a 2FA bypass is to protect your login credentials. Without your login credentials, hackers will not be able to attempt to sign in to your account and bombard you with MFA requests.
Hackers use methods such as brute force attacks, phishing attacks, malware, and password reuse to steal login credentials. You can protect yourself from these attacks by changing your passwords regularly, using a password manager, and being aware of phishing attacks.
If you’re already receiving MFA requests, you can protect yourself by being aware of social engineering attacks. Be suspicious of phone calls, text messages, or emails asking you to approve a sign-in attempt. If you’re unsure whether the request is legitimate, you can always call the company or service asking you to approve the sign-in to verify.
If you’re an employee in an organization, reach out to your IT department and let them know when you suspect a 2FA bypass attack. They may be able to configure your account so that you’re not bombarded with requests.
Lastly, you can disable push notifications that request your approval for sign-ins, and opt instead for numerical codes sent to your mobile device or generated by an authentication app.
The Bottom Line: Stop 2FA Bypass
Most small and medium businesses and individuals rely on Microsoft accounts for email, productivity, and collaboration tools. This makes them a prime target for hackers seeking access to sensitive information. So it’s essential to be aware of the 2FA bypass attacks on these accounts and take steps to protect yourself.
We hope you now know how MFA fatigue works and how to protect yourself from these attacks. Stay vigilant and keep your accounts safe.
Contact TCI Technologies today, and we will create a fully customized cyber security plan to fit all of your company’s needs.