Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and public health (HPH), government, information technology, engineering, and energy sectors.
Push bombing is a tactic employed by threat actors that floods, or bombs, a user with MFA push notifications with the goal of manipulating the user into approving the request either unintentionally or out of annoyance.
This tactic is also referred to as MFA fatigue. Phishing-resistant MFA is the best mechanism to prevent push bombing, but if that's not an option, number matching - requiring users to enter a time-specific code from a company approved identity system - is an acceptable backup.
The end goal of these attacks is to likely obtain credentials and information describing the victim's network that can then be sold to enable access to other cybercriminals.
Collection
[
|
...
]