Notifications are now a very common occurrence in our lives. Pop-ups on our mobile devices are constantly sent to update us and even act as a security measure. This has become so common, in fact, that many people have stopped paying attention to which notifications pop up. Once it becomes routine, some people act “without thinking,” and this is where security risks arise.
Take Multifactor Authentication (MFA) as an example: it is steadily becoming an essential security step in today’s applications and accounts. Whenever you enter your credentials or use an online service such as a money transfer, many require you to use an authenticator attached to your mobile device. As an extra security step, it helps prevent bad actors who have obtained your credentials by other means from using them to steal financial resources or data, because the second factor is not as easily obtained.
MFA Prompt Bombing to Create Fatigue
Despite the benefits of an MFA solution, it comes with the inconvenience that users must use another system to verify their identity. This often also happens on a different device, one that is closer to their personal life. Threat actors know that there are lapses in people’s attention, so they take advantage of them. Once they know your credentials, they try to induce alert fatigue by sending MFA push notifications many times. They either try to get the user to tap one alert to confirm while they are inattentive amid all the notifications, or spam them until they confirm out of annoyance.
All it takes is one mistaken approval on the user’s side and the attacker will be able to access the business network. Users often do not understand that this small mistake can have major repercussions for the business.
Protecting your Business from These Attacks
The simplest way to reduce the risk of these attacks is user education. By educating your users, you arm them with the knowledge of what is normal when it comes to MFA notifications. It is much like hearing someone knock at the door: you don’t just let them in without checking who is on the other side. Why should a user approve a login request when they did not request a login themselves?
Another way is to use MFA solutions that are better equipped to handle these kinds of attacks, such as RSA. RSA technology has a wide range of features that make use of context within notification requests that users can review before confirming. This includes timestamps, applications, and even the location associated with the request.
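Beyond user education and contextual prompts, the pattern described above (a burst of denied or unanswered pushes to one user, sometimes followed by an approval) can also be spotted in the authentication logs. The following Python script is an added example, not code from this post or from RSA; the log format, the field names and the ten-minute/three-push thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real system). Format is assumed:
# <ISO timestamp> <user> <push result: approved|denied|timeout> <location>
SAMPLE_LOG = """\
2024-03-01T08:00:05Z alice approved Seattle
2024-03-01T22:14:01Z bob denied Lagos
2024-03-01T22:14:20Z bob timeout Lagos
2024-03-01T22:14:47Z bob denied Lagos
2024-03-01T22:15:10Z bob timeout Lagos
2024-03-01T22:15:33Z bob approved Lagos
2024-03-01T09:30:00Z carol approved Boston
"""

def parse_events(text):
    """Parse log lines into (timestamp, user, result, location), oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, user, result, location = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result, location))
    events.sort()
    return events

def detect_prompt_bombing(text, window=timedelta(minutes=10), threshold=3):
    """Flag users who received >= threshold non-approved pushes inside one window.
    An approval inside that same burst is the fatigue-attack success case."""
    per_user = defaultdict(list)
    for ts, user, result, location in parse_events(text):
        per_user[user].append((ts, result, location))
    alerts = {}
    for user, evs in per_user.items():
        for i, (start, _, location) in enumerate(evs):
            burst = [e for e in evs[i:] if e[0] - start <= window]
            rejected = sum(1 for e in burst if e[1] != "approved")
            if rejected >= threshold:
                approved = any(e[1] == "approved" for e in burst)
                alerts[user] = {
                    "pushes": len(burst),
                    "approved_after_burst": approved,
                    "location": location,
                    "action": "verify with user, reset session" if approved else "monitor",
                }
                break  # one alert per user is enough for triage
    return alerts

if __name__ == "__main__":
    for user, info in detect_prompt_bombing(SAMPLE_LOG).items():
        print(user, info)
```

Running it on the constructed log flags only bob, whose four rejected pushes within two minutes are followed by an approval, which is the case a responder should treat as a possible compromise rather than a false alarm.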
To learn more about recent attacks such as prompt bombing, or about MFA solutions such as RSA, you may send us an email at firstname.lastname@example.org!