Okta MFA Exhaustion
Description
‘MFA Fatigue’, also known as ‘MFA push spam’ or ‘MFA Exhaustion’, is a social engineering technique that is growing more popular with threat actors because it does not require malware or phishing infrastructure and has proven to be successful in attacks.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Authentication, Risk
- Last Updated: 2022-09-27
- Author: Michael Haag, Splunk
- ID: 7c6e508d-4b4d-42c8-82de-5ff4ea3b0cb3
Narrative
An MFA Fatigue attack occurs when a threat actor runs a script that attempts to log in with stolen credentials over and over, causing what feels like an endless stream of MFA push requests to be sent to the account owner’s mobile device. The goal is to keep this up, day and night, to break down the target’s cybersecurity posture and inflict a sense of “fatigue” regarding these MFA prompts.
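The push pattern described above can be hunted by counting push challenges per user in a sliding window and escalating when a burst ends in an approval. This is an added example, not part of the original Splunk content; the event tuples, event names, threshold and window are assumptions constructed for illustration and are not Okta's log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, kind). Hypothetical simplified format.
EVENTS = [
    ("2022-09-27T02:00:05", "alice", "push_sent"),
    ("2022-09-27T02:01:10", "alice", "push_sent"),
    ("2022-09-27T02:01:20", "alice", "push_denied"),
    ("2022-09-27T02:02:00", "alice", "push_sent"),
    ("2022-09-27T02:03:30", "alice", "push_sent"),
    ("2022-09-27T02:04:15", "alice", "push_sent"),
    ("2022-09-27T02:05:40", "alice", "push_sent"),
    ("2022-09-27T02:05:55", "alice", "push_approved"),  # user gives in
    ("2022-09-27T09:00:00", "bob", "push_sent"),        # ordinary login
    ("2022-09-27T09:00:10", "bob", "push_approved"),
    ("2022-09-27T10:00:00", "carol", "push_sent"),      # spread out, no burst
    ("2022-09-27T10:15:00", "carol", "push_sent"),
    ("2022-09-27T10:30:00", "carol", "push_sent"),
    ("2022-09-27T10:45:00", "carol", "push_sent"),
    ("2022-09-27T11:00:00", "carol", "push_sent"),
]

def find_push_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {user: {"pushes": peak pushes in one window, "approved_after_burst": bool}}."""
    recent = defaultdict(deque)  # per-user timestamps of pushes still inside the window
    findings = {}
    for ts, user, kind in sorted(events):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        pushes = recent[user]
        while pushes and now - pushes[0] > window:
            pushes.popleft()  # expire pushes older than the window
        if kind == "push_sent":
            pushes.append(now)
            if len(pushes) >= threshold:
                hit = findings.setdefault(user, {"pushes": 0, "approved_after_burst": False})
                hit["pushes"] = max(hit["pushes"], len(pushes))
        elif kind == "push_approved" and len(pushes) >= threshold:
            # An approval that lands inside a burst suggests the fatigue worked.
            hit = findings.setdefault(user, {"pushes": len(pushes), "approved_after_burst": False})
            hit["approved_after_burst"] = True
    return findings

if __name__ == "__main__":
    for user, hit in find_push_bursts(EVENTS).items():
        print(user, hit)
```

A burst that ends with `approved_after_burst` set deserves higher priority than a burst of denied or ignored prompts, since it indicates the session may have been granted.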
Detections
Reference
- https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/
- https://www.csoonline.com/article/3674156/multi-factor-authentication-fatigue-attacks-are-on-the-rise-how-to-defend-against-them.html
Version: 1