Multi-factor authentication stands between you and a threat actor gaining access to your services – but the attackers have come up with a simple way to subvert it. Just keep bombarding you with authentication requests until you either give in or make a mistake. If the hacker has your correct credentials then they are in.
Now Microsoft is enforcing the number-match security step with MFA.
Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)
So now the attacker will be asked to match a number that is only going to be displayed on your device. Even if you are deceived you will not know which of the three options the attacker has been asked to confirm – and by that time you should have realised it is a cyber attack.
Diana Catton MBA – by line and other articles
Further Reading
https://www.cyberawake.co.uk/2022/11/03/something-you-know-something-you-have-or-something-you-are
Clive is away this week, so I am writing the news. You can still get in touch with us via the contact page.