fbpx

Let's talk

  • By clicking send you agree to our Privacy Policy
  • This field is for validation purposes and should be left unchanged.

How can we help?

1300 228 480 Request support Make a payment

Latest News

Combating MFA Fatigue & MFA Bomb attacks

03/10/2022

Multi-factor Authentication Fatigue (“MFA Fatigue”), is a relatively new attack method that hackers, such as the young kid who got into Uber’s systems mid September, are now employing. The hackers spam you with MFA approval requests until you hit Approve either by accident or out of frustration, thereby granting them access to your account.

It preys on the idea that people are becoming accustomed to many MFA approval prompts each day, and hopes to catch you being inattentive or simply making a mistake. And you only need one mistake to let the bad guys in.

Our recommendation
For all clients who run Microsoft 365, we recommend you:

  • Abandon push/notify based and SMS-based multifactor methods immediately
  • Adopt Microsoft’s number-entry system, which needs you to enter a code on the phone
  • The inclusion of a map showing where the login is originating from, and the application requesting it, helps humans make better decisions.

By removing the methods prone to MFA fatigue attacks and SIM-jacking, your Microsoft 365 accounts will be better protected.

It’s not too hard to implement, your team will need a quick bit of re-educating, and will likely need to re-enroll their MFA before we block push & SMS methods.

We cover off MFA Fatigue and MFA Bombing of attack methods in our Cyber Security Awareness and Training workshops, designed to help your team make better decisions with their cyber security.

Getting it set up

Submit a job request to us and ask for “M365 MFA fatigue hardening” if you’d like to get it implemented or contact our friendly team for more info!

GET PROFESSIONAL IT SUPPORT

Offering a wide range of IT solutions, and located in Perth, WA, and Devonport, Tasmania we service all of Australia and we'd love to hear from you!

Home Contact Form

  • By clicking send you agree to our Privacy Policy
  • This field is for validation purposes and should be left unchanged.