Last Wednesday I published my MFA Primer series, and part two looks at this type of cyber attack against multi-factor authentication. In brief, once the threat actors have a valid set of credentials they repeatedly try to access the service with them, generating multiple MFA requests to your authenticator app. What the hacker hopes is that you will get annoyed, careless, forgetful, etc., and authorise one of the requests, letting them in.
The most important thing to take away from this type of attack is that the hacker has a “valid set of credentials”, which means your and your organisation’s cyber security defences have already been compromised: the threat actors know your password. So get the password changed, and never approve a prompt you did not trigger yourself.
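The pattern described above, a burst of push prompts against one account in a short period, is also something a defender can look for in identity-provider logs. The following Python is an added example written for this edit, not the author’s code or any vendor’s tooling: it runs a sliding-window count over a constructed, simplified log format (the field names, the threshold of five prompts in ten minutes and the sample entries are all assumptions) and flags accounts that received a burst of prompts, escalating if an approval followed the burst.

```python
"""
Detect MFA push-fatigue ("prompt bombing") from authentication logs.

Added illustration, not code from the post or from any identity provider.
The log format is a constructed, simplified one:
  <ISO timestamp> user=<name> event=<mfa_push_sent|mfa_push_denied|
                                    mfa_push_timeout|mfa_push_approved> src=<ip>
Real IdP exports differ; adapt parse_line() to your own format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: alice receives six pushes in under five minutes
# from one source, denies or ignores five of them and finally approves one;
# bob gets a single routine push and approves it.
SAMPLE_LOG = """\
2024-03-06T08:00:02Z user=alice event=mfa_push_sent src=203.0.113.7
2024-03-06T08:00:20Z user=alice event=mfa_push_denied src=203.0.113.7
2024-03-06T08:00:45Z user=alice event=mfa_push_sent src=203.0.113.7
2024-03-06T08:01:05Z user=alice event=mfa_push_timeout src=203.0.113.7
2024-03-06T08:01:30Z user=alice event=mfa_push_sent src=203.0.113.7
2024-03-06T08:01:50Z user=alice event=mfa_push_denied src=203.0.113.7
2024-03-06T08:02:10Z user=alice event=mfa_push_sent src=203.0.113.7
2024-03-06T08:02:40Z user=alice event=mfa_push_timeout src=203.0.113.7
2024-03-06T08:03:00Z user=alice event=mfa_push_sent src=203.0.113.7
2024-03-06T08:03:25Z user=alice event=mfa_push_denied src=203.0.113.7
2024-03-06T08:04:20Z user=alice event=mfa_push_sent src=203.0.113.7
2024-03-06T08:04:35Z user=alice event=mfa_push_approved src=203.0.113.7
2024-03-06T08:10:00Z user=bob event=mfa_push_sent src=198.51.100.23
2024-03-06T08:10:12Z user=bob event=mfa_push_approved src=198.51.100.23
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, {field: value})."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return ts, fields


def detect_push_fatigue(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag users who received at least `threshold` push prompts within `window`.

    Returns {user: {"pushes": n, "first": ts, "last": ts, "sources": {ip, ...},
                    "approved_after_burst": bool}}.
    A burst followed by an approval is the worst case: the attacker has
    probably been let in, not merely knocked on the door.
    """
    recent = defaultdict(deque)  # user -> timestamps of pushes inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, fields = parse_line(line)
        user, event = fields["user"], fields["event"]
        if event == "mfa_push_sent":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:  # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(user, {
                    "pushes": 0, "first": q[0], "last": ts,
                    "sources": set(), "approved_after_burst": False})
                alert["pushes"] = max(alert["pushes"], len(q))
                alert["last"] = ts
                alert["sources"].add(fields["src"])
        elif event == "mfa_push_approved" and user in alerts:
            # An approval after a burst: escalate, the prompt was likely accepted
            # by a worn-down user and the password must be changed now.
            alerts[user]["approved_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for user, a in detect_push_fatigue(SAMPLE_LOG).items():
        print(f"{user}: {a['pushes']} pushes {a['first']}..{a['last']} "
              f"from {sorted(a['sources'])}, approved_after_burst={a['approved_after_burst']}")
```

The threshold and window are tuning knobs: a single user occasionally needs two or three prompts because of a flaky connection, but five in ten minutes from one source is the shape of someone hammering a known-good password. The source address is kept on the alert because a burst from an address the user has never signed in from is the second clue an analyst will want.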
Lawrence Abrams over on BleepingComputer has an in-depth article looking at the right responses to an “MFA Fatigue Attack”.
What to do when receiving unprompted MFA OTP codes (bleepingcomputer.com)
His message is also: change your password. Remember, though, to do it securely. At work that means notifying the person responsible for IT and cyber security; for personal accounts, go to the affected site directly, not via a link, and change your password there.
Clive Catton MSc (Cyber Security) – by-line and other articles