Return to flip book view

CREATIVE SOLUTIONSRECEIVING A LOT OF APPROVAL MESSAGESFROM MICROSOFT AUTHENTICATOR OR DUOMOBILE? IT COULD BE A CYBER-ATTACK –WHAT TO DOIn some cases, such as with Uber recently, theattacker pushing out repeated MFA notificationscontacted the targeted individual pretending tobe IT support to convince them to approve theMFA request. In Uber’s case, the attackerreached out using WhatsApp, but really, it couldbe via other means such as phone, email ormessaging apps. Here is a message from the hacker whosuccessfully used this technique to gain accessto a user account in Uber: Read the full story hereBACKGROUNDThere has been anincrease in the use of acyber-attack known as‘MFA Fatigue’ recently. Thisattack involves repeatedlypushing approvalrequests to an individual’sMFA Authenticator App –such as the MicrosoftAuthenticator App - in thehopes that the individualwill eventually Approve arequest allowing theattacker access. Ultimately, this attackworks because anindividual might get sooverwhelmed that theyaccidentally click on the'Approve' button or simplyaccept the MFA request tostop the deluge ofnotifications they arereceiving on their phone.WHAT TO DO IF YOU GET REPEATED REQUESTSFOR AUTHENTICATION?MFA ATTACKS: PUSH NOTIFICATIONFATIGUE DEMONSTRATION.Do not panicDo not approve the MFA request Do not talk to unknown peopleclaiming to be from Support whocontact you through unusualmeans, i.e. WhatsApp etc. If you are a target of an MFA attack,and you receive unexpected MFApush notifications:As soon as possible, contact yourLine Manager or IT Service Desk atithelpdesk@brownthomasarnotts.com and explain that you believeyour account is beingcompromised and/or is underattack. Change your account passwordor ask the IT Service Desk tochange it for you if you are not atyour computer.Once your password has beenchanged, the hacker should nolonger be able to issue MFArequests giving you and oursupport team room to breathewhile the compromise isinvestigated.What to Do Instead:BE VIGILANT BE SAFE BE SECURE