
Microsoft Enabling New Security Enhancement to Combat MFA Fatigue Attacks

Microsoft is taking steps to combat a rise in Multifactor Authentication (MFA) Fatigue attacks that have been plaguing Authenticator app users. These attacks are used to overwhelm users into approving unexpected and unauthorized requests for access into critical systems. Microsoft’s latest security feature aims to add an extra layer of security to prevent potential breaches.

Key Takeaways:

  • Cybercriminals send Authenticator users repeated, bogus requests for access in what have been called Multifactor Authentication (MFA) Fatigue attacks
  • Microsoft is combating the rise in MFA Fatigue attacks by introducing an enhanced security feature called number matching
  • This feature will be fully implemented for all users by February 28, 2023, but it’s recommended that your organization enact it sooner

Protecting your company’s data against ransomware attacks is difficult enough, but now there’s a new way cybercriminals are taking advantage of security weak points. MFA Fatigue attacks occur when a threat actor runs a script that repeatedly attempts to log into an account with stolen credentials, causing a seemingly endless stream of push notifications to be sent to the account owner’s mobile device. These repeated notifications can lead either to an accidental approval of the bogus request or to the user approving the request just to end the stream of notifications.
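The pattern described above can be watched for on the defender's side. The following is an added example, not part of the original article or any Microsoft tooling: it flags a burst of rejected or ignored push prompts for one user, and separately flags an approval that ends such a burst. The event tuples, outcome labels, window and threshold are assumptions chosen for illustration, not a real log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Hypothetical layout:
# (ISO timestamp, user, outcome of one push prompt).
SAMPLE_EVENTS = [
    ("2023-01-10T02:14:05", "alice", "denied"),
    ("2023-01-10T02:14:40", "alice", "denied"),
    ("2023-01-10T02:15:10", "alice", "timeout"),
    ("2023-01-10T02:16:02", "alice", "denied"),
    ("2023-01-10T02:17:30", "alice", "timeout"),
    ("2023-01-10T02:18:55", "alice", "approved"),   # approval ends the burst
    ("2023-01-10T09:00:12", "bob", "denied"),       # single mis-tap, then OK
    ("2023-01-10T09:00:50", "bob", "approved"),
    ("2023-01-10T08:00:00", "carol", "denied"),     # spread out, no burst
    ("2023-01-10T08:30:00", "carol", "denied"),
    ("2023-01-10T09:00:00", "carol", "denied"),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of unapproved prompts

def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for prompt bursts and for approvals that follow one."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved prompts
    alerts = []
    for ts_text, user, outcome in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if outcome in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:      # alert when the threshold is reached
                alerts.append({"user": user, "time": ts_text,
                               "kind": "prompt_burst", "count": len(q)})
        elif outcome == "approved":
            if len(q) >= threshold:      # highest priority: burst then approval
                alerts.append({"user": user, "time": ts_text,
                               "kind": "approved_after_burst", "count": len(q)})
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An `approved_after_burst` alert is the case worth immediate follow-up, since it matches a user giving in to the stream of prompts.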

Crafty Cybercriminals Target MFA Users with Increasing Sophistication 

In some cases, criminals will attempt to contact the target by impersonating IT support either through email, over the phone, or through messaging platforms to convince the user to accept the prompt. Once approved, cybercriminals can give themselves access to other areas and potentially lock users out of critical areas.

New Number Matching System to Prevent MFA Fatigue Attacks

As these attacks have increased in number, Microsoft Security has implemented number matching as a method to verify the true account owner. Number matching will be automatically enabled for all users by February 28, 2023. Once the number matching feature is enabled, it can’t be turned off.

To increase security and reduce accidental approvals, your authentication process will now require employees to enter a two-digit number displayed on the sign-in screen into the Authenticator app on their phone when approving an MFA request.

Why This Matters Now

While number matching will be made a permanent feature in February 2023, it’s recommended that businesses implement the enhancement sooner rather than later. Preventing MFA Fatigue attacks is of course a priority, but so is acclimating your employees to the new system. Implementing the feature as soon as possible will also allow you ample time to address or fix any issues that arise with this security update.

Anders Technology advisors are taking immediate steps to mitigate the risk for our clients. To learn more about this update and the impact it may have on your business, contact an Anders advisor below.
