News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | MFA Fatigue and its role in Uber’s breach

Let’s report on another new tactic on the security front — MFA Fatigue.     What’s this?   Wear down your target by continually asking for MFA authentication until the user grants it.    From Bleeping Computer:

An MFA Fatigue attack is when a threat actor runs a script that attempts to log in with stolen credentials repeatedly, causing an endless stream of MFA to push requests to be sent to the account’s owner’s mobile device.

The goal is to keep this up, day and night, to break down the target’s cybersecurity posture and inflict a sense of “fatigue” regarding these MFA prompts.

While we’re at it, it seems to target the smartphone was part of that Uber hack — targeting the phone as an entry point into the network.    Text an Uber employee, claim to be IT and reveal a password.    That from the hacking group to the New York Times — although Uber’s version says it was a corporate password purchased on the dark web after a contractor’s device was infected by malware…. And that contractor was hit with multiple MFA requests, thus, MFA Fatigue. 

Why do we care?

One can easily see how this works.    Wear down the user until they finally say yes.    Annoy them to submission.     I’m hopeful the coming shift to passkeys may help — may.   

I highlight this from an awareness perspective.   Roll this detail into your education.     Users can report this kind of overwhelming asks rather than be worn down by it. 

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories