Application Security | Beginner | 5 modules

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

HackerLegend.com Threat Intelligence

Threat Overview

MFA prompt bombing attacks exploit user behavior to bypass multi-factor authentication, with significant impact on workforce authentication security.

Threat Overview

MFA prompt bombing attacks exploit user behavior: attackers trick users into providing their second factor, which bypasses multi-factor authentication. The threat affects organizations that use MFA for workforce authentication. Attackers rely on social engineering to manipulate users into handing over their second factor.

Key Intelligence Points

1. Attackers use social engineering tactics to trick users into providing their second factor, exploiting human behavior rather than technical vulnerabilities.
2. MFA prompt bombing affects organizations with workforce authentication using MFA, potentially compromising sensitive data and systems.
3. Attackers may use phishing or other tactics to manipulate users into handing over their second factor, often through email or phone calls.
4. Detection opportunities include monitoring for suspicious login attempts, analyzing user behavior, and implementing additional security controls to prevent social engineering attacks.

MITRE ATT&CK Techniques

T1566.001 Spearphishing Attachment

Mitigation & Detection

Implement additional security controls, such as security awareness training, to prevent social engineering attacks and educate users on MFA prompt bombing tactics.
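
The detection point listed earlier (monitoring for suspicious login attempts and analyzing user behavior) can be turned into a simple rule. The following is an added example, not part of the original page: it assumes prompt bombing shows up in identity-provider logs as a burst of denied or timed-out push prompts for one user, and the log format, result names, window and threshold are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format: time, user, source IP, push result.
SAMPLE_LOG = """\
2024-05-01T02:14:03Z alice 203.0.113.7 push_denied
2024-05-01T02:14:40Z alice 203.0.113.7 push_timeout
2024-05-01T02:15:10Z alice 203.0.113.7 push_denied
2024-05-01T02:15:55Z alice 203.0.113.7 push_timeout
2024-05-01T02:16:30Z alice 203.0.113.7 push_denied
2024-05-01T02:17:02Z alice 203.0.113.7 push_approved
2024-05-01T08:59:12Z bob 198.51.100.20 push_timeout
2024-05-01T08:59:40Z bob 198.51.100.20 push_approved
2024-05-01T09:00:00Z carol 192.0.2.44 push_denied
2024-05-01T11:30:00Z carol 192.0.2.44 push_denied
"""

WINDOW = timedelta(minutes=10)  # assumed tuning value
THRESHOLD = 5                   # assumed: unapproved prompts per user per window


def parse(line):
    ts, user, ip, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result


def detect_prompt_bombing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Flag bursts of unapproved push prompts; escalate if the burst ends in an approval."""
    pending = defaultdict(deque)  # user -> timestamps of recent denied/timed-out prompts
    alerts = []
    for line in log_text.strip().splitlines():
        ts, user, ip, result = parse(line)
        burst = pending[user]
        while burst and ts - burst[0] > window:  # drop prompts older than the window
            burst.popleft()
        if result in ("push_denied", "push_timeout"):
            burst.append(ts)
            if len(burst) == threshold:          # alert once when the burst hits the threshold
                alerts.append((user, ip, "medium", "prompt burst, no approval yet"))
        elif result == "push_approved":
            if len(burst) >= threshold:          # approval right after a flood of prompts
                alerts.append((user, ip, "high", "approval after prompt burst"))
            burst.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_prompt_bombing(SAMPLE_LOG):
        print(alert)
```

A "high" alert is the case to act on first: it marks an approval that followed the burst, so the session it granted should be reviewed and revoked if the user did not initiate it.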