Hi Purple Team,
As you know, cyber security is incredibly important in our business, and we want to keep our Team informed and alert!
Hackers are constantly creating attacks aimed at exploiting human behaviour
to gain access to devices, but we want to keep YOU a step ahead…
Today, we are looking at Multifactor Authentication (MFA) Fatigue Attacks.
An MFA Fatigue Attack is when a hacker continuously attempts to login with your stolen credentials, causing
what seems like an endless stream of MFA push requests to be sent to the account owner's mobile device.
The aim of these is to cause the user to get frustrated by the notifications and
eventually just approve one to stop the annoying stream of notifications coming in.
How to Identify an MFA Fatigue Attack:
🚩 Multiple Authenticator Notifications/ Unprompted Verification Attempts
- You receive numerous approval requests from the same application without entering any login information.
🚩 Receiving Notifications at Strange Times -For example, if it’s late at night when you usually aren’t
working or if you’re out of the office.
How to Protect Yourself from an MFA Fatigue Attack
✔️ Create a strong password - Use unique passwords and passphrases that have a combination
of at least 14 characters, including upper and lowercase letters, numbers, and symbols.
Please don’t use your name or 123…
✔️ Deny Unidentified Requests - If you receive a sudden flood of MFA push notifications and
didn’t initiate the request, deny the MFA request, and change your password ASAP. Your login
credentials may have been compromised.
✔️ Do not talk to anyone claiming to be from our IT Helpdesk, requesting you to approve an MFA.
- Our Helpdesk should never attempt to log in on your behalf. Tell them you will return the call
and contact our company IT Helpdesk via normal channels or send an email to secops@betsoftware.com,
you can also report this to your manager.
Until next time, stay informed and stay safe.
The BET Software IT Team