By now you already know that without credentials, most every cyberattack is going to end before it ever really gets started. With so many phishing attacks targeting credentials to be used in a later campaign, more organizations are getting the hint that they need to have multi-factor authentication (MFA) in place for at least those users with access to critical or valuable data – if not everyone.
But what happens when the threat actor has the credentials but doesn’t have the additional form(s) of authentication?
We’ve recently seen multi-factor authentication request generation attacks dubbed “MFA Prompt Bombing” or “MFA Fatigue” as a means of attempting to get the owner of the credential to validate a logon request by repeatedly hitting them with MFA prompts (via logon requests) until the user just wants it to stop! In cases where the MFA isn’t a one-time passcode (OTP) but instead is based on having an app the user uses to acknowledge it’s them logging in, this kind of attack can work to the threat actor’s advantage.
So, how can you identify these kinds of attacks on MFA?
In this real training for free session, 4-time Microsoft MVP, Nick Cavalancia, takes my seat as he first discusses:
- Real-world examples of MFA Prompt Bombing
- Mitigation strategies to thwart this kind of attack
Up next, you’ll hear from Sally Vincent, Threat Research Senior Engineer and Dan Kaiser, Threat Research Principal Engineer – both from LogRhythm. Sally and Dan will begin with a deep dive on the analysis of MFA product logs (using Okta as the example) that are relevant to detecting unusual authentication activity. From that foundation they will explore threat hunting and real time detection of multi-factor authentication request generation within a network environment using LogRhythm’s dashboarding, investigation and real-time analytics capability to provide you with actionable examples of detection and threat hunting.
This Real Training for Free session will be chock full of practical technical detail! Register now!