The Yanluowang ransomware gang used it in an strike against Cisco while the Lapsus$ group leaked 37GB of source code stolen from Microsoft after compromising an employee via MFA fatigue. There were some high-profile attacks last year that featured MFA fatigue schemes.
MFA fatigue also is one of any number of reasons Microsoft is leaning on in an industry push – and that of others, including Google and Apple – to do away with passwords entirely as a verification tool. Redmond saw almost 41,000 Azure Active Directory Protection sessions with multiple failed MFA attempts in August 2022, compared with 32,442 a year earlier, and noted that such attacks had "become more prevalent."
:max_bytes(150000):strip_icc()/MSauthenticatorAppSetup1-fab3f7575abb4646b86a938ecfbc775d.jpg "ms auth app")
It's a threat Microsoft, among other vendors and security pros, has been tracking for a couple of years.
0 kommentar(er)
