Multi-Factor Authentication (MFA) is one of the strongest controls against unauthorised access to a user's account: if a threat actor obtains your username and password, the second factor should still stop them from logging in. As MFA has become more widespread, threat actors have developed new ways to get around it. In recent months there has been an increase in attacks known as 'MFA fatigue' or 'MFA push notification spam'. As the University of New England (UNE) is in the process of rolling out MFA, it is important to recognise this method and know what to do if it happens to you.

What is MFA Fatigue?

MFA fatigue is an attack in which a user receives a stream of MFA push notifications asking them to approve a login they did not start. Declining a prompt does not end it: the threat actor already holds the user's username and password and simply keeps attempting to log in, generating a new push each time, until one is approved. The attack relies on the MFA service offering push-notification approval, which our MFA provider DUO does. Normally, a user who receives a push notification they did not initiate can decline it and the unauthorised login is blocked. The attacker is counting on the user either assuming the MFA service has a glitch or becoming annoyed enough by the repeated prompts to approve one just to make them stop. A single approval is enough: the attacker then has full access to the account.
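The pattern described above (a run of declined or unanswered push prompts for one account, possibly followed by an approval) is also something the service desk or security team can look for in authentication logs. The following is an added example written for this page, not code from UNE or from Duo: it runs a simple burst detector over a constructed list of push events. The field names (user, timestamp, result, source IP) and the result values "approved", "denied" and "timeout" are assumptions for the example, not any vendor's actual log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of push-authentication events for illustration only.
# Field layout (user, UTC timestamp, result, source IP) is an assumption of
# this example, not the format of any real MFA provider's logs.
SAMPLE_EVENTS = [
    ("alice", "2023-03-01T09:00:05", "approved", "203.0.113.5"),   # normal login
    ("bob",   "2023-03-01T22:10:01", "denied",   "198.51.100.7"),  # start of a burst
    ("bob",   "2023-03-01T22:10:40", "denied",   "198.51.100.7"),
    ("bob",   "2023-03-01T22:11:15", "timeout",  "198.51.100.7"),
    ("bob",   "2023-03-01T22:11:52", "denied",   "198.51.100.7"),
    ("bob",   "2023-03-01T22:12:30", "timeout",  "198.51.100.7"),
    ("bob",   "2023-03-01T22:13:08", "approved", "198.51.100.7"),  # user gave in
    ("carol", "2023-03-01T10:00:00", "denied",   "192.0.2.9"),     # one mistaken deny
    ("carol", "2023-03-01T10:00:30", "approved", "192.0.2.9"),
]

# Results that mean the user did NOT approve the prompt.
UNANSWERED = {"denied", "timeout"}


def parse(event):
    """Turn one raw tuple into (user, datetime, result, ip)."""
    user, ts, result, ip = event
    return user, datetime.fromisoformat(ts), result, ip


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Return {user: finding} for every user who received at least `threshold`
    unanswered push prompts within `window`. An approval that arrives after the
    burst began is the attacker's win condition and is flagged as critical."""
    by_user = defaultdict(list)
    for ev in map(parse, events):
        by_user[ev[0]].append(ev)

    findings = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e[1])
        unanswered = [e for e in evs if e[2] in UNANSWERED]

        # Slide a window over the unanswered prompts only; `threshold` of them
        # inside `window` is a burst.
        for i in range(len(unanswered) - threshold + 1):
            first = unanswered[i]
            last = unanswered[i + threshold - 1]
            if last[1] - first[1] > window:
                continue

            since_burst = [e for e in evs if e[1] >= first[1]]
            approved = any(e[2] == "approved" for e in since_burst)
            findings[user] = {
                "first_prompt": first[1].isoformat(),
                "unanswered_prompts": sum(1 for e in since_burst if e[2] in UNANSWERED),
                "source_ips": sorted({e[3] for e in since_burst}),
                "approved_after_burst": approved,
                "severity": "critical" if approved else "high",
                # Response mirrors the advice in this notice: the attacker holds
                # the password, so it must be changed either way.
                "action": ("reset password, end active sessions, contact user"
                           if approved else "contact user, reset password"),
            }
            break  # one finding per user is enough for triage
    return findings


if __name__ == "__main__":
    for user, finding in detect_push_fatigue(SAMPLE_EVENTS).items():
        print(user, finding)
```

Carol's single mistaken deny does not trigger the detector, while Bob's five unanswered prompts in under three minutes do, and the approval that follows raises the finding to critical. In practice the window and threshold should be tuned against normal volumes for the environment, and the source IPs in the finding help confirm the prompts came from a location the user does not use.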

Preventing MFA fatigue attacks

The best defence against MFA fatigue is awareness: knowing what the attack looks like and how to respond. If you are experiencing it, someone already has your UNE username and password, and the push prompts are the only thing standing between them and your account. Our MFA provider DUO is developing protections against MFA fatigue; however, these are still in early access (more information here). The most important things you can do are to change your UNE password as soon as possible, which stops the attacker from starting new logins, and to contact our IT Support team. Do not, under any circumstances, approve an access request that you did not initiate, even to make the notifications stop. Decline it and report it. A single approval could have serious consequences for your account and for the organisation.

Please review the resources available to help you change your password.

As always, we are reliant on people being vigilant and reporting suspicious activity on their systems to servicedesk@une.edu.au, +61 (2) 67735000.
If you haven’t already, we would encourage you to visit the UNE Cyber Security webpage and undertake the UNE Cyber Security Awareness training.

Thanks for your support in helping us maintain the cyber security integrity of UNE.

Source:

MFA Fatigue Attacks