MFA Prompt Bombing: How Hackers Bypass Multi-Factor Authentication

N2K Networks · January 12, 2026 · 7 min · 43 views

Understanding MFA Prompt Bombing

  • 🎯 MFA prompt bombing is a hacking technique where attackers bypass multi-factor authentication by sending a relentless stream of login attempts.
  • 💡 This tactic exploits the user's desire to stop the annoyance, leading them to approve a prompt out of desperation.

The Hacker's Method

  • 🔑 Attackers first steal a victim's username and password.
  • 📱 They then repeatedly attempt to log in, triggering numerous MFA requests to the victim's mobile device.
  • 😴 Users, often frustrated or not paying attention, approve the prompt to make the notifications stop, inadvertently granting access.

Real-World Impact and Origin

  • ⚠️ The technique leverages the human aversion to being annoyed and inconvenienced.
  • 🚨 A quote from the Lapsus$ cybercrime group highlights the effectiveness of overwhelming users with calls, even late at night.
  • 📈 Once access is granted, attackers can enroll new devices, further compromising the account.
  • 🌍 This method has been observed in use by nation-state actors, including the Russian threat actor APT29 (Cozy Bear).
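
A detection sketch for the pattern described above: a burst of MFA prompts, an approval, then a new device enrollment. This is an added example, not material from the video; the log format, event names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp user event". The event names are
# assumptions for this example, not any identity provider's real log schema.
SAMPLE_LOG = """\
2026-01-12T02:10:05 alice push_sent
2026-01-12T02:11:10 alice push_sent
2026-01-12T02:12:30 alice push_sent
2026-01-12T02:13:45 alice push_sent
2026-01-12T02:15:00 alice push_sent
2026-01-12T02:16:00 alice push_approved
2026-01-12T02:20:00 alice device_enrolled
2026-01-12T09:00:00 bob push_sent
2026-01-12T09:00:10 bob push_approved
2026-01-12T09:05:00 bob device_enrolled
"""

WINDOW = timedelta(minutes=10)      # look-back window for counting prompts
THRESHOLD = 5                       # prompts in the window that count as a burst
ENROLL_WINDOW = timedelta(hours=1)  # enrollment this soon after a burst is suspect

def parse(log):
    for line in log.strip().splitlines():
        ts, user, event = line.split()
        yield datetime.fromisoformat(ts), user, event

def detect_prompt_bombing(log):
    """Return alerts as (user, kind, timestamp) tuples, in time order."""
    prompts = defaultdict(list)  # user -> timestamps of prompts not yet answered
    flagged = {}                 # user -> time of an approval that ended a burst
    alerts = []
    for ts, user, event in sorted(parse(log)):
        if event == "push_sent":
            prompts[user].append(ts)
        elif event == "push_approved":
            recent = [t for t in prompts[user] if ts - t <= WINDOW]
            if len(recent) >= THRESHOLD:
                flagged[user] = ts
                alerts.append((user, "approval_after_prompt_burst", ts))
            prompts[user] = []   # approval ends the current run of prompts
        elif event == "device_enrolled":
            if user in flagged and ts - flagged[user] <= ENROLL_WINDOW:
                alerts.append((user, "device_enrolled_after_burst", ts))
    return alerts
```

Bob's single prompt, approval and enrollment produce no alert; only the approval that follows a burst, and the enrollment that follows that approval, are flagged.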

'Sneakers' Movie Analogy

  • 🎬 The 1992 movie 'Sneakers' provides a cinematic example of MFA prompt bombing.
  • 🎭 In a scene, characters use a barrage of excuses and demands (Drano boxes, birthday cake) to overwhelm a security guard, mirroring the tactic of persistent requests to gain access.
  • 🔑 This analogy illustrates how overwhelming a gatekeeper, whether a human or a system, can lead to unauthorized entry.