Cloud account takeover has become a major problem for organizations.
Between 2019 and 2021, account takeover (ATO) rose by 307%.
Multi-factor authentication (MFA) is very effective at protecting cloud accounts and has been for many years.
But it’s that effectiveness that has spurred workarounds by hackers.
One of the nefarious ways to get around MFA is push-bombing.
How Does Push-Bombing Work?
A hacker with a user’s credentials takes advantage of the MFA push notification process.
Hackers attempt to log in many times.
This sends the legitimate user several push notifications, one after the other.
Push-bombing is a form of social engineering attack designed to:
· Confuse the user
· Wear the user down
· Trick the user into approving the MFA request to give the hacker access
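The pattern described above (a burst of push prompts to one user, sometimes ending in an approval) is visible in MFA logs. The following is an added detection example, not part of the original article: the event format, the sample log, the threshold of 4 pushes and the 5-minute window are all assumptions to adapt to your identity provider's logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log: (timestamp, user, outcome). Not real data.
SAMPLE_EVENTS = [
    ("2024-03-01T02:10:05", "alice", "denied"),
    ("2024-03-01T02:10:40", "alice", "timeout"),
    ("2024-03-01T02:11:15", "alice", "denied"),
    ("2024-03-01T02:11:50", "alice", "timeout"),
    ("2024-03-01T02:12:30", "alice", "approved"),
    ("2024-03-01T09:00:00", "bob", "approved"),
    ("2024-03-01T13:00:00", "bob", "approved"),
    ("2024-03-01T14:00:00", "carol", "denied"),
    ("2024-03-01T14:00:30", "carol", "denied"),
    ("2024-03-01T14:01:00", "carol", "timeout"),
    ("2024-03-01T14:01:30", "carol", "denied"),
]

def detect_push_bombing(events, threshold=4, window=timedelta(minutes=5)):
    """Flag users who receive a burst of MFA pushes inside a sliding window.

    'warning'  = at least `threshold` pushes in the window, nearly all
                 unapproved (a burst is in progress).
    'critical' = such a burst ends with an approval (the user may have
                 given in; the session should be reviewed or revoked).
    Thresholds are assumptions, not vendor defaults.
    """
    recent = defaultdict(deque)  # user -> (time, outcome) pairs still in window
    alerts = {}
    for ts, user, outcome in sorted(events):  # ISO timestamps sort correctly
        now = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((now, outcome))
        while now - q[0][0] > window:  # drop pushes older than the window
            q.popleft()
        unapproved = sum(1 for _, o in q if o != "approved")
        if len(q) < threshold or unapproved < threshold - 1:
            continue  # normal volume, or a run of legitimate approvals
        if outcome == "approved":
            alerts[user] = "critical"
        else:
            alerts.setdefault(user, "warning")  # never downgrade a critical
    return alerts

if __name__ == "__main__":
    for user, level in detect_push_bombing(SAMPLE_EVENTS).items():
        print(f"{level.upper()}: possible push-bombing against {user}")
```

A "critical" result is the case to act on first: a string of denied or ignored prompts followed by an approval suggests the user was worn down rather than logging in themselves.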
Ways to Combat Push-Bombing at Your Organization
· Educate Employees
· Reduce Business App “Sprawl”
· Adopt Phishing-Resistant MFA Solutions
· Enforce Strong Password Policies
· Put in Place an Advanced Identity Management Solution
Do You Need Help Improving Your Identity & Access Security?
Give us a call today to schedule a chat.
Portal Technology is one of the longest-serving ICT companies in the Territory and has been helping clients with all their ICT requirements since 2000.