A new Proofpoint report highlights MFA fatigue attacks, where users, bombarded by a continuous stream of MFA notifications, hastily approve requests out of frustration. Real-world examples include attacks on Uber, Cisco, and Microsoft by the Lapsus$ threat actor and underscore the prevalence and impact of these tactics.

To mitigate MFA fatigue attacks, the report suggests adopting preventive measures such as time-based one-time passwords (TOTPs), biometric and context-aware authentication, and adaptive authentication. Streamlining authentication, incorporating artificial intelligence (AI) and machine learning for threat detection, enforcing robust password policies, and applying the principle of least privilege access are also recommended. The report also emphasizes educating users, sharing experiences within the cybersecurity community, and continuously adapting defenses as crucial components in staying resilient against evolving MFA attack methods. Read more at Proofpoint.