These techniques are not new, but they’re increasingly popular:
Read More Bypassing Two-Factor Authentication
…some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection.
- Sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop.