Best practices for implementing MFA to combat brute-forcing attacks
With the rising adoption of multi-factor authentication (MFA), attacks on MFA have also become increasingly common. These attacks range from the devious to the highly sophisticated. Typically, MFA bypass techniques fall into one of two categories: brute-forcing the two-factor process and attempting to guess the code, or using social engineering to trick a targeted user into generating the code and approving a fraudulent access request. In addition to compromising MFA platforms and tricking employees into approving illegitimate access requests, attackers also use adversary-in-the-middle (AiTM) and proxy attacks to bypass MFA. MFA brute-forcing, which is becoming the new favourite tactic in high-profile breaches such as Uber and Reddit, is the most widely used type of MFA attack: an attacker attempts to gain unauthorized access to an account that is protected by MFA by using a brute-force attack to guess the corre...