MFA prompt bombing is a low-complexity cyber-attack whose sole goal is to gain access to a system or application protected by multi-factor authentication (MFA). The attacker relies on human error, tricking a user into accepting an MFA request that the attacker initiated.
Push-based authentication is the MFA factor that matters most to attackers, because a user is only one tap away from approving an authentication request.
In a typical MFA prompt bombing attack, the attacker sends a user many MFA approval requests over a short period, hoping the user becomes so annoyed by the stream of prompts that they give in, accept one, and thereby grant the attacker access.
However much annoyance it creates, a successful attack gives the attacker access to the user's accounts or the opportunity to run malicious code on the target system.
In most MFA prompt bombing attacks, the attacker first obtains the targeted user's credentials, for example through brute-force attacks, by obtaining them online, or by other common credential-compromise methods. Once the attacker has the compromised credentials, they use one of the following to initiate an MFA prompt bombing attack.
Although MFA prompt bombing has been around for several years, attackers are only now deploying it more frequently. A recent example of a successful MFA prompt bombing attack was the Uber breach. The attack on Uber used MFA push notifications sent through the Duo authenticator app, issuing push notifications repeatedly until one was accepted.
While attackers will continue to use MFA prompt bombing techniques, organizations struggle to defend against them because the attack bypasses standard MFA protection. This creates a major security gap for most organizations, since standard MFA solutions give them limited visibility into user activity and into the authentication requests their users receive.
MFA (multi-factor authentication) prompt bombing is a type of attack that aims to overload the authentication system by repeatedly sending authentication requests, resulting in a denial of service (DoS).
The attacker creates a script or bot that repeatedly sends MFA authentication requests to the target system, using either a valid or a spoofed user account. The script or bot can be configured to send requests at a high rate, producing a flood of requests that the authentication system is unable to handle.
As a result, the system becomes overwhelmed and legitimate users are unable to authenticate. The system might even crash, rendering it completely unavailable.
Additionally, the attacker can use the same method with a large number of spoofed accounts, which can cause the system to lock the targeted user out, either temporarily or permanently. This is a type of account lockout attack.
MFA prompt bombing can be a serious threat to the availability of systems that rely on MFA, and it highlights the importance of implementing robust security measures to protect against these types of attacks.
There are several ways to mitigate MFA prompt bombing attacks:
It is important to note that MFA prompt bombing is a form of DoS attack and a highly sophisticated, advanced threat, so a combination of multiple security layers is needed to protect against it effectively.
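As an added example (not from this page or from Silverfort's product), the following Python sketch shows the kind of detection and throttling logic a defender could run over push-MFA authentication events to address the prompt floods described in both sections above: it flags a burst of prompts to one user within a short window, reports an approval that arrives inside such a burst (the signature of a user who gave in), and refuses to send further pushes once a user has too many unanswered ones. The event format, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events (not real logs): "<timestamp> <user> <result>".
# "alice" is being bombed and finally gives in; "bob" shows normal use.
SAMPLE_EVENTS = """\
2023-09-15T08:00:01Z alice denied
2023-09-15T08:00:09Z alice denied
2023-09-15T08:00:17Z alice timeout
2023-09-15T08:00:25Z alice denied
2023-09-15T08:00:33Z alice denied
2023-09-15T08:00:41Z alice approved
2023-09-15T08:05:00Z bob approved
2023-09-15T09:30:00Z bob denied
"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def parse_events(text):
    """Return (timestamp, user, result) tuples in chronological order."""
    return sorted((parse_ts(ts), user, result)
                  for ts, user, result in (l.split() for l in text.splitlines()))

def detect_prompt_bombing(events, threshold=4, window=timedelta(minutes=2)):
    """Flag users receiving >= threshold push prompts inside `window`.
    An approval inside such a burst is reported as "approval-after-burst",
    the signature of a user who gave in. Returns (user, ts, kind, count)."""
    recent = defaultdict(deque)  # user -> prompt timestamps still inside window
    alerts = []
    for ts, user, result in events:
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # expire prompts older than the window
            q.popleft()
        if len(q) >= threshold:
            kind = "approval-after-burst" if result == "approved" else "burst"
            alerts.append((user, ts, kind, len(q)))
    return alerts

def should_suppress_push(events, user, now, max_unanswered=3, window=timedelta(minutes=2)):
    """Mitigation: refuse to send `user` another push at `now` (ISO string) once
    they already have max_unanswered denied/timed-out prompts inside the window."""
    now = parse_ts(now)
    unanswered = [ts for ts, u, r in events if u == user and r != "approved"
                  and timedelta(0) <= now - ts <= window]
    return len(unanswered) >= max_unanswered
```

On the sample data the detector raises two "burst" alerts for alice followed by an "approval-after-burst", while bob's two widely spaced prompts stay below the threshold.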