The issue of cloud account takeover has emerged as a significant concern for many organisations. Think about how many tasks within your company require a username and password. As a result, employees are compelled to access multiple systems or cloud applications, leading to difficulties in managing login credentials.
To obtain those login credentials, hackers utilise a variety of techniques. Their objective is to obtain user-level access to business data, allowing them to execute advanced attacks and send phishing emails from inside the organisation.
Are account breaches a major problem? Between 2019 and 2021, account takeover (ATO) rose by 307%.
Doesn’t Multi-Factor Authentication Stop Credential Breaches?
Multi-Factor Authentication (MFA) is an effective method to prevent attackers who have acquired usernames and passwords from accessing cloud accounts, and has been in use for several years. However, the effectiveness of MFA has led hackers to develop workarounds, such as push-bombing, to circumvent this security measure.
How Does Push-Bombing Work?
Push-bombing is a technique used by hackers to bypass MFA by flooding the targeted user’s mobile device with push notifications. These push notifications may appear to be legitimate, such as a request for a one-time code to confirm a login attempt. They are usually sent as an SMS text, a device popup or a notification from an authenticator app such as Microsoft Authenticator or Google Authenticator.
We are now used to receiving these notifications as part of the normal login process. It is something we are all familiar with.
The goal of push-bombing is to overwhelm the user with push notifications, making it difficult for them to decide which notifications are legitimate and which are from the attacker.
Many people question the receipt of an unexpected code that they didn’t request. But when someone is bombarded with these, it can be easy to mistakenly click to approve access.
Push-bombing is a form of social engineering attack designed to:
- Confuse the user
- Wear the user down
- Trick the user into approving the MFA request to give the hacker access
As a result, the user may be more likely to approve the attacker’s push notification, giving them access to the account protected by MFA. Note that push-bombing requires the attacker to have already obtained the user’s login credentials: the flood of prompts only begins once a valid username and password have been entered.
How to Combat Push-Bombing
Knowledge is power. When a user experiences a push-bombing attack it can be disruptive and confusing. If employees are educated beforehand, they’ll be better prepared to defend themselves.
Let employees know what push-bombing is and how it works. Provide them with training on what to do if they receive MFA notifications they didn’t request.
You should also give your staff a way to report these attacks. This enables your IT security team to alert other users. They can then also take steps to secure everyone’s login credentials.
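Alongside user reports, an IT security team can spot push-bombing in the identity provider’s MFA logs. The check below is an added example, not code from the original article: it scans constructed sample log lines and flags any user who received several push prompts in a short window, noting whether the flood ended in an approval. The log format, the field names and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an identity provider's MFA push log (not real data).
# Each line: ISO timestamp, user, push result (DENIED / APPROVED).
SAMPLE_LOG = """\
2024-05-01T08:00:05Z alice DENIED
2024-05-01T08:00:21Z alice DENIED
2024-05-01T08:00:40Z alice DENIED
2024-05-01T08:01:02Z alice DENIED
2024-05-01T08:01:15Z alice APPROVED
2024-05-01T08:05:00Z bob APPROVED
2024-05-01T09:30:00Z bob DENIED
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return events


def find_push_bombing(events, window=timedelta(minutes=5), threshold=3):
    """Return {user: (max_pushes_in_window, approved_during_flood)} for every
    user who received at least `threshold` MFA pushes inside `window`.
    A flood that contains an APPROVED result is the worst case: the user
    probably gave in, so that account should be treated as compromised."""
    by_user = defaultdict(list)
    for ts, user, result in sorted(events):
        by_user[user].append((ts, result))
    alerts = {}
    for user, pushes in by_user.items():
        start = 0  # sliding window over this user's pushes, oldest first
        for end in range(len(pushes)):
            while pushes[end][0] - pushes[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                approved = any(r == "APPROVED" for _, r in pushes[start:end + 1])
                prev_count, prev_approved = alerts.get(user, (0, False))
                alerts[user] = (max(prev_count, count), prev_approved or approved)
    return alerts
```

In the sample, alice receives five pushes in just over a minute and the last one is approved, so she is flagged; bob's two prompts are over an hour apart and produce no alert.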
Reduce Business App “Sprawl”
On average, employees use 36 different cloud-based services per day. That’s a lot of logins to keep up with. The more logins someone has to use, the greater the risk of a stolen password.
Take a look at how many applications your company uses. Look for ways to reduce app “sprawl” by consolidating. Platforms like Microsoft 365 and Google Workspace offer many tools behind one login. Streamlining your cloud environment improves security and productivity.
Adopt Phishing-Resistant MFA Solutions
You can thwart push-bombing attacks altogether by moving to a different form of MFA. Phishing-resistant MFA uses a device passkey or physical security key for authentication.
There is no push notification to approve with this type of authentication. This solution is more complex to set up, but it’s also more secure than text or app-based MFA.
Enforce Strong Password Policies
For hackers to trigger several push notifications, they first need the user’s login credentials. Enforcing strong password policies reduces the chance that a password will get breached.
Standard practices for strong password policies include:
- Using at least one upper and one lower-case letter
- Using a combination of letters, numbers, and symbols
- Not using personal information to create a password
- Storing passwords securely
- Not reusing passwords across several accounts
We always recommend a password manager and believe that it is so important that it forms part of all of our support packages.
Put in Place an Advanced Identity Management Solution
Advanced identity management solutions can also help you prevent push-bombing attacks. They will typically combine all logins through a single sign-on solution. Users then have just one login and MFA prompt to manage, rather than several.
Additionally, businesses can use identity management solutions to apply contextual login policies. These enable a higher level of security by adding access enforcement flexibility. The system could automatically block login attempts from outside a desired geographic area. It could also block logins during certain times or when other contextual factors aren’t met.
Do You Need Help Improving Your Identity & Access Security?
Multi-factor authentication alone isn’t enough. Companies need several layers of protection to reduce their risk of a cloud breach.
Are you looking for some help to reinforce your access security? Schedule a chat to see how we can help improve your security.
If you aren’t ready to schedule a call but would like to learn more about email risks and security, we recommend the following articles: