Following the news that:
Here’s how attackers are circumventing Microsoft’s multi-factor authentication
Circumventing MFA altogether can be highly effective. In this case the attacker is simply taking advantage of the confusion that normally follows any policy change. It’s perfectly timed – users are confused and they’re unaware of what is expected of them.
User confusion and expectations also enable another attack mentioned – Push Fatigue. You might wonder why a user would respond to a push notification they didn’t initiate, but they do. Sooner or later, given enough attempts, some users will simply press “ok” because they have given up understanding what’s being asked of them, they’re tired and don’t care any more.
It’s a clear reason why we need to minimise the number of steps to authenticate. Every step introduces the chance of user failure, system failure and attack. Keep it simple, keep it one step.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts’ comments, analysis and opinion on the latest Information Security news and topics.