Page 34 - Cyber Defense eMagazine January 2023

P. 34

New Threat Report Shows Attackers Increasingly

Exploiting MFA Fatigue
By Ben Brigida, Director, Security Operations, Expel

If you want to know what’s happening in the cybersecurity world, it helps to have up-to-date information.
That means staying on top of annual reports discussing the broader trends in security, but it also means
diving into more timely reporting. Expel’s new Quarterly Threat Report provides the opportunity to do just
that, examining incidents identified by the Expel security operations center (SOC) during the third quarter
(Q3) of 2022. Those incidents span a broad range of industries and an even broader range of individual
businesses, and they include alerts, email submissions, and other threat hunting leads.

The report helps to highlight some of the emerging—and continuing—trends from across the
cybersecurity landscape, including the ongoing rise in identity-based incidents and attackers’ increasing
focus on finding new ways to defeat multi-factor authentication (MFA). The full report is available here,
but below is a selection of highlights that lay bare some of the most pressing threats companies faced in
the third quarter of this year.

Attackers Are Exploiting Users’ MFA Fatigue

To be clear, MFA is important—roughly half of the business application compromise (BAC) incidents
included in the report were stopped by MFA or conditional access policies, making its value clear.
Unfortunately, that means the other half slipped through the cracks. While MFA is an essential tool in
organizations’ security strategies, it isn’t enough on its own. Attackers are continuing to identify ways to
exploit some of its weaknesses. Chief among them is the fact that, eventually, many users get tired of
pulling out their phones and engaging with MFA notifications—which leads to poor judgment. The
research shows that in over 80% of successful compromises, MFA and conditional access policies were

29 30 31 32 33 34 35 36 37 38 39