Cloud account takeover has become a major problem for organizations. Between 2019 and 2021, account takeover (ATO) rose by 307%. Many organizations use multi-factor authentication (MFA) as a way to stop fraudulent sign-ins. But its effectiveness has spurred workarounds by hackers. One of these is push-bombing.
How Does Push-Bombing Work?
When a user has MFA enabled on an account, signing in takes two steps: the user enters their login credentials, and then the system sends a code or an authorization prompt (typically a push notification) that the user must approve to complete the login. With push-bombing, hackers start with the user's credentials, which they have already obtained, and abuse that push notification step: they attempt to log in many times, so the legitimate user receives one push notification after another. Someone bombarded with these prompts can easily click "Approve" by mistake, or simply to make the prompts stop.
Push-bombing is a form of social engineering attack designed to:
• Confuse the user
• Wear the user down
• Trick the user into approving the MFA request to give the hacker access
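The pattern described above, many push prompts to one user in a short window and then an approval, is something a defender can look for in authentication logs. The following is an added example, not code from the original post: it parses a few constructed MFA push log lines (the `timestamp user=… event=… ip=…` format, the event names `push_sent`/`push_denied`/`push_approved`, and the thresholds are all assumptions, not any vendor's real schema), flags users whose push count exceeds a threshold within a sliding window, notes whether an approval followed the burst, and shows a simple throttling policy that stops sending pushes once the threshold is hit so the login must fall back to a different factor.

```python
"""Added example: detecting an MFA push-bombing burst in authentication logs and
throttling further pushes. The log format, field names and thresholds below are
assumptions for illustration, not any real product's schema."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not from a real system). The burst against
# "alice" at 09:14 mirrors the attack: four pushes in under a minute, ending
# in an approval. The 10:30 entry is a normal, single-prompt login.
SAMPLE_LOG = """\
2023-05-02T09:14:01Z user=alice event=push_sent ip=203.0.113.7
2023-05-02T09:14:09Z user=alice event=push_denied ip=203.0.113.7
2023-05-02T09:14:12Z user=alice event=push_sent ip=203.0.113.7
2023-05-02T09:14:20Z user=alice event=push_denied ip=203.0.113.7
2023-05-02T09:14:23Z user=alice event=push_sent ip=203.0.113.7
2023-05-02T09:14:31Z user=alice event=push_sent ip=203.0.113.7
2023-05-02T09:14:40Z user=alice event=push_approved ip=203.0.113.7
2023-05-02T09:15:02Z user=bob event=push_sent ip=198.51.100.4
2023-05-02T09:15:10Z user=bob event=push_approved ip=198.51.100.4
2023-05-02T10:30:00Z user=alice event=push_sent ip=192.0.2.10
2023-05-02T10:30:06Z user=alice event=push_approved ip=192.0.2.10
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict; 'ts' is a UTC datetime."""
    ts_text, *fields = line.split()
    record = dict(field.split("=", 1) for field in fields)
    record["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return record


def detect_push_bombing(log_text, max_pushes=3, window_seconds=60):
    """Return one alert per user who received more than max_pushes push_sent events
    inside a sliding window. The alert records whether an approval followed the
    burst within the same window, the outcome the attacker is hoping for."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # user -> timestamps of recent push_sent events
    alerts = {}                  # user -> alert dict
    for line in log_text.splitlines():
        rec = parse_line(line)
        user, ts = rec["user"], rec["ts"]
        if rec["event"] == "push_sent":
            sent = recent[user]
            sent.append(ts)
            while sent and ts - sent[0] > window:   # drop pushes outside the window
                sent.popleft()
            if len(sent) > max_pushes:
                alert = alerts.setdefault(user, {"user": user, "first": sent[0],
                                                 "approved_after_burst": False})
                alert["pushes"] = len(sent)
                alert["last"] = ts
        elif rec["event"] == "push_approved" and user in alerts:
            # An approval shortly after the burst is the high-severity case.
            if ts - alerts[user]["last"] <= window:
                alerts[user]["approved_after_burst"] = True
    return list(alerts.values())


class PushThrottle:
    """Contextual policy: once a user has been sent max_pushes prompts within the
    window, suppress further pushes until the window passes. A suppressed login
    should be routed to a different factor (for example a hardware key) rather
    than another push."""

    def __init__(self, max_pushes=3, window_seconds=60):
        self.max_pushes = max_pushes
        self.window = timedelta(seconds=window_seconds)
        self.sent = defaultdict(deque)

    def allow_push(self, user, now):
        sent = self.sent[user]
        while sent and now - sent[0] > self.window:
            sent.popleft()
        if len(sent) >= self.max_pushes:
            return False  # suppressed: do not send yet another prompt
        sent.append(now)
        return True


def simulate_throttle(offsets_seconds, user="alice", **policy):
    """Feed push request times (seconds after a fixed start) through PushThrottle
    and return which requests would actually be sent."""
    start = datetime(2023, 5, 2, 9, 0, tzinfo=timezone.utc)
    throttle = PushThrottle(**policy)
    return [throttle.allow_push(user, start + timedelta(seconds=s)) for s in offsets_seconds]


if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_LOG):
        print(f"ALERT user={alert['user']} pushes={alert['pushes']} "
              f"from={alert['first'].isoformat()} approved_after_burst={alert['approved_after_burst']}")
    print("throttle decisions:", simulate_throttle([0, 5, 10, 20, 61]))
```

With the sample log, only `alice` is flagged (four pushes in thirty seconds, followed by an approval), while `bob`'s single prompt and `alice`'s later normal login are not. The throttle shows the policy side: the fourth push inside the window is suppressed and a push is allowed again only once the window has moved on.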
Ways to Combat Push-Bombing at Your Organization
• Educate employees
• Reduce business app “sprawl”
• Adopt phishing-resistant MFA solutions
• Enforce strong password policies
• Put in place an advanced identity management solution
Additionally, businesses can use identity management solutions to put contextual login policies in place. Need help with tightening up security or resources for your staff? Give us a call today and one of our experts will walk you through the process.