Wave Systems Corp. (fka WAVXQ)

[Genz2]

MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications

https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications

Excerpts:

Malicious hackers are targeting Office 365 users with a spare of ‘MFA fatigue attacks’, bombarding victims with 2FA push notifications to trick them into authenticating their login attempts.

Multi-factor authentication (MFA) fatigue is the name given to a technique used by adversaries to flood a user’s authentication app with push notifications in the hope they will accept and therefore enable an attacker to gain entry to an account or device.

It does require the attacker to have the victim’s credentials, which “could be obtained via brute forcing, password reuse, or spraying”.

“Once the attacker obtains valid credentials, they will perform the push notification spamming repeatedly until the user approves the login attempt and lets the attacker gain access to the account
==================================================================
Use better security. Use Wave VSC 2.0 (MFA)!!
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
==================================================================
http://www.wavesys.com/

http://www.wavesys.com/contact-information

Contact Wave

Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com

Gold Customer Support:

goldsupport@wavesys.com

1-800-928-3638

Support:

support@wavesys.com

1-844-250-7077

Sales:

1-877-228-WAVE