NXLog main page
  • Products
    LOG COLLECTOR
    NXLog Enterprise Edition
    Full feature multi-platform log collection
    NXLog Community Edition
    Open-source free log collector
    ADD-ONS FOR NXLOG ENTERPRISE EDITION
    NXLog Add-Ons
    Integration with various software
    AGENT MANAGER FOR NXLOG ENTERPRISE EDITION
    NXLog Manager
    Manage and monitor NXLog instances
    NXLog Minder
    Hyper-scalable, API-first agent management
    DATABASE FOR NXLOG ENTERPRISE EDITION
    Raijin Database Engine
    The schemaless SQL database for storing events
    more from nxlog
    Professional Services
    Compare NXLog EE and CE
    NXLog Solution Packs
  • Downloads
    NXLog Enterprise Edition
    Full feature multi-platform log collection
    NXLog Manager
    Manage and monitor NXLog instances
    NXLog Community Edition
    Open-source free log collector
  • Solutions
    Integrations
    With SIEM, Devices, SaaS...
    Specfic OS support
    AIX, Linux, FreeBSD
    SCADA/ICS
    Energy, Oil & Gas, Transport...
    Windows Event log
    Collect locally or remotely, ..
    DNS Logging
    Enterprise-grade DNS log...
    Log Collection Modes
    Agent-based, Agentless or Cloud
    Agent Management
    Agents management and monitoring
    FIM
    File Integrity Monitoring
    macOS Logging
    ULS events, Apple System Logs ...
    By Industry
    Financial Services
    Government & Education
    Entertainment & Gambling
    Telecommunications
    Medical & Healthcare
    Military & Defense
    Law Firms & Legal Counsel
    Industrial & Manufacturing
  • Partners
    Find a Reseller
    Look for our resellers worldwide
    Technology Ecosystem
    See all our partners and integrations
    Partner Program
    Join our community of partners
  • Resources
    Documentation
    Products guides and integrations
    Blog
    Tutorials, updates and releases
    White papers
    Datasheets, infographics and more
    Videos
    Trainings and tutorial on specific topics
    Webinars
    Community events and webinars
    Case Studies
    Customer success stories
    Community Forum →
  • Support
  • Why Nxlog
    About Us
    Our journey, team and mission
    Customers
    Testimonials and case studies
    Careers
    We are hiring!
    Contact Us →
LOG COLLECTOR
NXLog Enterprise Edition
Full feature multi-platform log collection
NXLog Community Edition
Open-source free log collector
ADD-ONS FOR NXLOG ENTERPRISE EDITION
NXLog Add-Ons
Integration with various software
AGENT MANAGER FOR NXLOG ENTERPRISE EDITION
NXLog Manager
Manage and monitor NXLog instances
NXLog Minder
Hyper-scalable, API-first agent management
DATABASE FOR NXLOG ENTERPRISE EDITION
Raijin Database Engine
The schemaless SQL database for storing events
more from nxlog
Professional Services
Compare NXLog EE and CE
NXLog Solution Packs
NXLog Enterprise Edition
Full feature multi-platform log collection
NXLog Manager
Manage and monitor NXLog instances
NXLog Community Edition
Open-source free log collector
Integrations
With SIEM, Devices, SaaS...
Specfic OS support
AIX, Linux, FreeBSD
SCADA/ICS
Energy, Oil & Gas, Transport...
Windows Event log
Collect locally or remotely, ..
DNS Logging
Enterprise-grade DNS log...
Log Collection Modes
Agent-based, Agentless or Cloud
Agent Management
Agents management and monitoring
FIM
File Integrity Monitoring
macOS Logging
ULS events, Apple System Logs ...
By Industry
Financial Services
Government & Education
Entertainment & Gambling
Telecommunications
Medical & Healthcare
Military & Defense
Law Firms & Legal Counsel
Industrial & Manufacturing
Find a Reseller
Look for our resellers worldwide
Technology Ecosystem
See all our partners and integrations
Partner Program
Join our community of partners
Documentation
Products guides and integrations
Blog
Tutorials, updates and releases
White papers
Datasheets, infographics and more
Videos
Trainings and tutorial on specific topics
Webinars
Community events and webinars
Case Studies
Customer success stories
Community Forum →
About Us
Our journey, team and mission
Customers
Testimonials and case studies
Careers
We are hiring!
Contact Us →
Request trial
  • Loading...
Request Trial
April 13, 2023 strategy

MFA Fatigue - What it is, and how to combat it

By Jonathan King

Share
ALL SIEM STRATEGY SECURITY ANNOUNCEMENT DEPLOYMENT COMPLIANCE COMPARISON RSS

A multi-factor authentication (MFA) fatigue attack is a form of a social engineering cyberattack strategy where attackers repeatedly try to make second-factor authentication requests to the target’s email, phone, or other registered devices to gain access to the system. You may also hear about MFA Fatigue attack as MFA Bombing, 2FA fatigue, MFA push spam, MFA Spamming, or prompt bombing.

Technology administrators are always playing a never-ending battle of cat and mouse when it comes to threat actors. They devise a way to attack a system, administrators counter and prevent this method, attackers find an alternate way, and administrators counter. This can be in the form of applying system patches and updates or through more direct measures like configuring email filters and antivirus definitions. They’re not always the most inventive of tactics, but if they produce results, then who’s really to judge? Case and point: MFA Fatigue.

This isn’t some illustrious security operation seen in movies where hackers clickity-clack on a keyboard and try to hack the world. Instead, they use your security tools against your end users to bombard them with authentication requests until they finally cave and allow the action. These requests can be either application-based or phone call based. This form of attack has been attributed to security breaches at Okta, Microsoft, Cisco, and Uber. It really comes down to a digital version of sibling rivalry, where the younger one would chip away at the sanity of the elder child until a fight ensued. Except here, instead of wrestling, you end up handing your keys to your kingdom to the attacker, along with soda pop. So how did we get here, and what can we do?

Hidden risks

MFASecurity

MFA Fatigue occurs when an organization is set to send out push notifications or automated phone calls to end users in order to allow an action or to authenticate themselves. Receive a call 100 times at 1 am; you’ll eventually allow it. Suppose an account protected with push MFA has been exposed. In that case, attackers continuously send authentication requests until the end-user either becomes too frustrated to deal with further requests or mistakes the request for something else.

In addition to these notifications, users have also reported getting sent emails purporting to be from tech support in an attempt to add validity to the push request. If they see a combination of multiple requests and emails from support, all it takes is half a second of memory lapse, and the user allows the request to go through.

Tips to combat against this type of attacks

Multifactor authentication is still important to your defense-in-depth policy and shouldn’t be disregarded easily. As with anything else, we need to tweak the settings to get it right. These will be dependent on the capabilities and restraints within the organization.

Turn off push notifications

This may seem like a no-brainer, but your users cannot get frustrated with push notifications if they don’t receive them. You can still require a 6-digit one-time password (OTP) from the user’s smartphone app.

Add context to your requests

Not every situation allows you to turn off push notifications. If this is the case, adding more information to your request will help the end user make a better-educated decision. Microsoft released this feature for their environment, and Google has done the same.

Change passwords!

This is more after the fact, but if your users receive many authentication requests, it’s because their login information was exposed. Enable your end-users to submit password reset requests remotely. This could be with an app, an email request, or a backup form of communication.

Spread awareness to your employees

This goes along with the previous point, but ensure your end-users are aware of risks like this. Teach them how to identify, notify, and what to do in the event they let an attacker in.

Shift to FIDO-compliant model

fido logo

FIDO authentication, developed by the FIDO Alliance, is a global authentication standard based on public key cryptography. With FIDO authentication, users sign in with phishing-resistant credentials called passkeys. These Passkeys can be synced across devices or bound to a platform or security key, and password-only logins can be replaced with secure and fast login experiences across websites and apps. Given the new nature of this, only a few organizations have adopted it.

Conclusion

Multifactor authentication is still essential to your security policy, but not all MFA implementations are the same. MFA implementing push notifications can subject your end-users to an attack called MFA Fatigue or MFA Bombing. This is a relatively new kind of attack where users relentlessly receive authentication requests or automated calls for their approval to access the account until they accept. The best ways to combat this form of attack include:

  • Turning off push notifications.

  • Adding additional information to the requests.

  • Considering a shift to a FIDO-compliant authentication model.

With some tweaking, your MFA policy can be a robust addition to your security policy. Until the next move in the game of cat and mouse, that is.

GET STARTED TODAY:
CONTACT US Our experts are happy to help REQUEST A FREE TRIAL Give NXLog Enterprise Edition a try GET PRICING Request a quote

NXLog Ltd. develops multi-platform log collection tools that support many different log sources, formats, transports, and integrations. The tools help administrators collect, parse, and forward logs so they can more easily respond to security issues, investigate operational problems, and analyze event data. NXLog distributes the free and open source NXLog Community Edition and offers additional features and support with the NXLog Enterprise Edition.

This document is provided for informational purposes only and is subject to change without notice. Trademarks are the properties of their respective owners.

  • MFA
  • MFA Fatigue
  • CISO
Share

Facebook Twitter LinkedIn Reddit Mail
Related Posts

Using Raijin Database Engine to aggregate and analyze Windows security events
11 minutes | July 29, 2021

Stay connected:

Sign up

Keep up to date with our monthly digest of articles.

By clicking singing up, I agree to the use of my personal data in accordance with NXLog Privacy Policy.

Featured posts

Upgrading from NXLog Enterprise Edition 5 to NXLog Enterprise Edition 6
September 11, 2023
Announcing NXLog Enterprise Edition 6.0
September 11, 2023
The cybersecurity challenges of modern aviation systems
September 8, 2023
Raijin announces release of version 1.2
August 11, 2023
The Sarbanes-Oxley (SOX) Act and security observability
August 9, 2023
Log Management and PCI DSS 4.0 compliance
August 2, 2023
Detect threats using NXLog and Sigma
July 27, 2023
HIPAA compliance logging requirements
July 19, 2023
Announcing NXLog Enterprise Edition 5.9
June 20, 2023
Industrial cybersecurity - The facts
June 8, 2023
Raijin announces release of version 1.1
May 30, 2023
CISO starter pack - Security Policy
May 2, 2023
Announcing NXLog Enterprise Edition 5.8
April 24, 2023
CISO starter pack - Log collection fundamentals
April 3, 2023
Raijin announces release of version 1.0
March 9, 2023
Avoid vendor lock-in and declare SIEM independence
February 13, 2023
Announcing NXLog Enterprise Edition 5.7
January 20, 2023
NXLog - 2022 in review
December 22, 2022
Need to replace syslog-ng? Changing to NXLog is easier than you think
November 23, 2022
The EU's response to cyberwarfare
November 22, 2022
Looking beyond Cybersecurity Awareness Month
November 8, 2022
GDPR compliance and log data
September 23, 2022
NXLog in an industrial control security context
August 10, 2022
Raijin vs Elasticsearch
August 9, 2022
NXLog provides native support for Google Chronicle
May 11, 2022
Aggregating macOS logs for SIEM systems
February 17, 2022
How a centralized log collection tool can help your SIEM solutions
April 1, 2020

Categories

  • SIEM
  • STRATEGY
  • SECURITY
  • ANNOUNCEMENT
  • DEPLOYMENT
  • COMPLIANCE
  • COMPARISON
logo

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2023 NXLog Ltd.

PRIVACY POLICY TERMS OF USE

  • PRODUCTS
  • NXLOG ENTERPRISE EDITION
  • NXLOG COMMUNITY EDITION
  • NXLOG ADD-ONS
  • NXLOG MANAGER
  • NXLOG MINDER
  • RAIJIN DATABASE
  • MORE NXLOG
  • COMPARE SOLUTIONS
  • INDUSTRIES
  • INTERGRATIONS
  • FIND A RESELLER
  • PARTNER PROGRAM
  • RESOURCES
  • DOCUMENTATION
  • WHITE PAPERS
  • WEBINARS
  • CASE STUDIES
  • TUTORIALS
  • BLOG
  • COMMUNITY FORUM
  • ABOUT US
  • WHY NXLOG
  • CUSTOMERS
  • CAREERS
  • CONTACT US
  • DOWNLOADS
  • NXLOG ENTERPRISE EDITION
  • NXLOG COMMUNITY EDITION
  • NXLOG MINDER
  • NXLOG MANAGER
  • NXLOG ADD-ONS
  • RAIJIN DATABASE