MFA Bombing Taken to the Next Level

MFA Bombing, alternatively referred to as “push bombing” or “MFA fatigue,” is a straightforward invasion of your capacity for tolerance. Cybercriminals breach accounts safeguarded by multi-factor authentication (MFA) using MFA bombardment.

In order to access MFA, users are typically prompted to enter a six-digit code that is generated by an application, sent via SMS, or a push notification, subsequent to entering their username and password. It significantly increases security and significantly complicates the lives of criminals.

Due to its extreme difficulty to breach, criminals have begun to manipulate users into defeating their own MFA.  They accomplish this by attempting to log in with stolen credentials or by repeatedly attempting to reset a user’s password.  This results in the user being inundated with push notifications requesting login approval or password reset messages in both scenarios.

The criminals hope that by doing so, users will either select the incorrect option or become so frustrated with the incessant barrage that they will do anything the messages request in order to halt the inundation.

Brian Krebs claims in this blog post that these assaults have since evolved. The perpetrators will contact you while posing as rescuers if you are able to endure the pressure of the constant alerts.

Krebs describes an instance in which malicious actors inundated a target’s mobile device with password reset notifications pertaining to their Apple ID. Prior to resuming device operations, the user was obligated to select “Allow” or “Don’t Allow” for each individual notification.

The victim received a call from a spoofed network impersonating Apple Support after resisting the urge to select “Allow” and declining “100-plus” notifications.

The purpose of the call was to induce the recipient to reset their password and subsequently provide the one-time code that was sent to their device. Criminals in possession of a reset code could alter the password of the victim, thereby preventing them from accessing their account.

Fortunately, the victim perceived the respondents to be unreliable in this instance; as a result, he requested some of his personal information; however, they erroneously identified him.

Another individual who was the target of the MFA bombardment discovered that despite purchasing a new device and establishing a new Apple iCloud account, the notifications continued to arrive. Since his telephone number remained constant between the two device configurations, this indicated that the attacks were directed at that particular number.

Apple informed yet another target that activating an Apple Recovery Key would permanently disable the notifications from his account, a claim that is contested by both Krebs and the victim.

Unfortunately, once an MFA bombardment attack commences, it appears that little can be done but exercise patience and avoid clicking Allow. Apple Support will never unexpectedly contact you by phone; therefore, you should not trust the caller, regardless of how expedient their timing may be.

Commence the process of recovering your Apple ID by visiting if you lose access to it.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space.  Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM.  Naager entered the field of content in an unusual way.  He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts.  He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field.  In the bottom line, he frequently writes for Craw Security.


Cybercriminals are Targeting macOS Users with Malicious Ads Spreading Stealer Malware

Using CrimeGPT Extension, UP Police Aims to Combat Criminals

Facebook Spied on Snapchat Users Just To Collect Competitive Analytics.

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Open chat
Can we help you?