Multi-factor authentication (MFA) fatigue attacks have been on the rise, so Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off this type of attack.
In fatigue attacks, cyber criminals flood targets with mobile push notifications asking them to approve attempts to log into their corporate accounts using stolen credentials.
In many cases, targets eventually give in to the repeated malicious MFA push requests, either by mistake or simply to stop the endless stream of alerts, which lets the attackers log into their accounts.
Lapsus$ have already proven that this type of social engineering attack is successful, and Yanluowang threat actors used this method to breach high-profile organisations, including Cisco and Uber.
Microsoft have already started to enforce number matching for Microsoft Authenticator MFA alerts, to block MFA fatigue attack attempts across tenants.
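To make the difference concrete, here is an added, constructed model of the server side of an MFA push step with and without number matching. It is illustration code written for this article, not Microsoft's implementation; the class and method names, the two-digit range, the attempt limit and the result strings are all assumptions. The point it shows is that a blind "approve" tap, the action a fatigued user takes to silence the prompts, completes the sign-in under the classic prompt but cannot complete it under number matching, because the phone has to return a number that is only displayed on the sign-in screen.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class PendingPush:
    """A push challenge waiting for a response from the user's device."""
    user: str
    number: int          # two-digit number displayed on the sign-in screen
    created: float       # time the challenge was issued
    attempts: int = 0    # wrong-number responses seen so far


class PushMfaVerifier:
    """Constructed model of an MFA push verifier (not Microsoft's code).

    number_matching=False models the classic approve/deny prompt;
    number_matching=True models the number match experience.
    """

    def __init__(self, number_matching: bool, max_attempts: int = 3,
                 ttl_seconds: int = 60,
                 clock: Callable[[], float] = time.time) -> None:
        self.number_matching = number_matching
        self.max_attempts = max_attempts
        self.ttl_seconds = ttl_seconds
        self.clock = clock  # injectable for testing expiry
        self.pending: Dict[str, PendingPush] = {}

    def start_signin(self, user: str) -> Tuple[str, int]:
        """Issue a push challenge after the password step.

        Returns the challenge id and the number the sign-in screen shows.
        Only whoever holds the sign-in screen sees the number; the push
        notification on the phone asks the user to type it in.
        """
        challenge_id = secrets.token_hex(8)
        number = secrets.randbelow(90) + 10  # 10..99 (assumed range)
        self.pending[challenge_id] = PendingPush(user, number, self.clock())
        return challenge_id, number

    def device_respond(self, challenge_id: str, approve: bool,
                       entered_number: Optional[int] = None) -> str:
        """Process the response sent back by the authenticator app.

        Results: approved, denied, expired, missing_number, wrong_number,
        locked, unknown_challenge (assumed vocabulary).
        """
        push = self.pending.get(challenge_id)
        if push is None:
            return "unknown_challenge"
        if self.clock() - push.created > self.ttl_seconds:
            del self.pending[challenge_id]
            return "expired"
        if not approve:
            del self.pending[challenge_id]
            return "denied"
        if not self.number_matching:
            # Classic prompt: a blind tap on "Approve" completes the sign-in.
            del self.pending[challenge_id]
            return "approved"
        if entered_number is None:
            # Number matching: a tap alone cannot complete the sign-in.
            # The challenge stays pending so the real user can still answer.
            return "missing_number"
        if entered_number != push.number:
            push.attempts += 1
            if push.attempts >= self.max_attempts:
                del self.pending[challenge_id]  # burn the challenge
                return "locked"
            return "wrong_number"
        del self.pending[challenge_id]
        return "approved"


def demo() -> Dict[str, str]:
    """Blind approval under both prompt styles (constructed scenario)."""
    results: Dict[str, str] = {}
    legacy = PushMfaVerifier(number_matching=False)
    cid, _ = legacy.start_signin("alice@example.com")
    results["legacy_blind_tap"] = legacy.device_respond(cid, approve=True)

    strict = PushMfaVerifier(number_matching=True)
    cid, shown = strict.start_signin("alice@example.com")
    results["strict_blind_tap"] = strict.device_respond(cid, approve=True)
    results["strict_correct"] = strict.device_respond(cid, approve=True,
                                                      entered_number=shown)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The attempt limit and the time-to-live are the two knobs a defender would watch in a model like this: repeated wrong numbers on one challenge, or many challenges issued for one user in a short window, are the sign-in log pattern a fatigue campaign leaves behind, and both are worth alerting on regardless of whether the prompts were ever approved.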
"Number matching is a key security upgrade to traditional second factor notifications in Microsoft Authenticator. We will remove the admin controls and enforce the number match experience tenant-wide for all users of Microsoft Authenticator push notifications," Microsoft says.
"Relevant services will begin deploying these changes in May, and users will start to see number match in approval requests. As services deploy, some may see number match while others don't."