Defending Against MFA Bypass Attacks with Strong MFA & Trusted Endpoints
One could argue that Captain Monica Rambeau has always been a hero, from her early days encouraging her mom to help Carol Danvers to her time working for S.A.B.E.R. But when she was exposed to reality altering energy in Marvel Studios’ WandaVision, her life changed forever. She gained the power to perceive and manipulate energy across the electromagnetic spectrum.
Much like Captain Monica Rambeau’s own journey, MFA is evolving to help security teams protect against a new kind of threat: MFA bypass attacks. In this blog, we’ll discuss some of the ways you can use MFA and features like Duo’s Trusted Endpoints to protect against MFA bypass attacks.
Be sure to tune into our webinar - Authenticate Further, Defend Faster with Higher Security from Duo – to learn more about ways to protect against MFA bypass attacks, credential theft and compromised third-party security. Attendees will receive limited-edition sunglasses, so they can fight cyberthreats in style.*
And be sure to catch all the action in Marvel Studios’ The Marvels, in US cinemas November 10th!
What is an MFA bypass attack?
MFA bypass attacks are techniques attackers use to circumvent the additional layers of security that multi-factor authentication provides. These attacks usually target a specific MFA component, and they can take many forms.
For example, MFA fatigue attacks make use of push notifications. After attackers find a valid credential/app pairing, they will spam MFA push notifications to the actual user associated with the account. These attacks succeed when the user, either by accident or from sheer frustration, confirms an MFA push and grants the attacker access to the resource.
Often operating in tandem with MFA fatigue attacks, social engineering attacks involve attackers reaching out to users to convince them to provide the access information. For example, an attacker might message a user pretending to be part of the organization’s security team. They will inform the user that they are about to receive an MFA notification, then ask them to confirm it. While users believe they are helping their own security teams, they are actually giving attackers access to the network. And if users deny the request, attackers can quickly change tactics to an MFA fatigue attack to wear the user down.
Protecting against MFA bypass attacks with stronger factors
While the rising frequency of these kinds of attacks indicates the effectiveness and prevalence of MFA, that’s a small comfort to security teams. After all, their job of protecting the network hasn’t changed. So how can security teams get ahead of this new threat?
Just like Captain Monica Rambeau helped protect the world as a S.A.B.E.R. agent, security teams need to strengthen their MFA solutions by relying on stronger factors.
MFA has historically leveraged factors like phone calls, SMS messages or tokens to confirm users’ identities. But while these factors are better than nothing, they’re far from the most secure version of MFA available today. Push notifications with number matching – like Duo’s Verified Push – or FIDO2-compliant authenticator options – like biometrics or a security key - can help keep attackers from bypassing MFA to access accounts. An MFA fatigue attack cannot work when attackers also need to input a multi-digit number that only users know. And a social engineering attack may falter when users must input biometric information – like a fingerprint – to gain access to the resource.
Using Duo’s Trusted Endpoints policies to control the devices accessing your network
When defending against MFA bypass attacks, you can take your security a step further by controlling what devices are allowed to access your network. This is where features like Duo’s Trusted Endpoints are useful.
Trusted Endpoints helps your team create and enforce policies that limit access to certain applications based on whether a device is managed or unmanaged. While a company-issued and managed device may be given access to sensitive information, unmanaged personal devices may have their access restricted or blocked entirely. And if you have a BYOD policy in place or third-party contractor or partner devices that need access to certain resources, you can enforce trust through device registration and then adding them to your inventory of trusted devices.
The ability to see and control the endpoints attempting to access company resources helps security teams get ahead of MFA bypass attacks. It’s like an additional superpower, helping to keep the network safe against more advanced threats.
Educating users on MFA bypass techniques
We’re all about a good team up, and it’s important to remember that not even Super Heroes always work alone. Just like Captain Monica Rambeau teamed up with Captain Marvel and Ms. Marvel, security teams can find allies in their users if they properly educate them.
Let your users know that security teams will never call or message them asking to verify an unknown push or share information like authentication codes. Explain how MFA bypass attacks work so that your users can recognize them for what they are. And then tell your users who they should notify if they experience one of these attacks.
By educating your users, you can turn them into allies who will help security teams defend the network. At the very least, you can get them into the habit of reporting suspicious MFA activity to security teams, who in turn gain more visibility into attacks targeting the company network.
Ready to take advantage of this security team-up?
We’ve seen Captain Monica Rambeau evolve from Lieutenant Trouble into a Super Hero in her own right. And in Marvel Studios The Marvels, we’re sure to see her go further than she’s ever gone before. But she’s not the only one facing down this new threat. She has Captain Marvel and Ms. Marvel at her side.
Similarly, MFA has evolved since its debut more than a decade ago. But it’s not the only tool in your toolbox for defending against new cyber threats. Be sure to tune into our webinar, Authenticate Further, Defend Faster with Higher Security from Duo to learn more about how you can better defend your environment. And check out some of our other Marvels blog posts on the access management tools at your disposal.
Whatever you do, don’t miss Marvel Studios’ The Marvels, in US cinemas on November 10th!
*Only available in the U.S. while supplies last.