{"id":18460,"date":"2023-07-25T16:10:10","date_gmt":"2023-07-25T20:10:10","guid":{"rendered":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/?p=18460"},"modified":"2023-07-25T16:10:10","modified_gmt":"2023-07-25T20:10:10","slug":"learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations","status":"publish","type":"post","link":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/","title":{"rendered":"Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations"},"content":{"rendered":"<p>Multi-factor authentication (MFA) is an important security measure used to verify the identity of a user when accessing accounts, systems, or applications. Cooper uses MFA to protect our patients\u2019 information and secure access to life-saving technologies. MFA requires users to provide multiple pieces of evidence or factors to prove they are who they claim to be when accessing Cooper\u2019s critical infrastructure. MFA uses the following basic principles:<\/p>\n<ul>\n<li><strong>Something you know<\/strong>: This is typically a <strong>PIN <\/strong>or <strong>password <\/strong>that only the user should <strong>know<\/strong>.<\/li>\n<li><strong>Something you have: <\/strong>This involves physically <strong>possessing<\/strong> an item such as a smartphone, hardware token, or smart card that generates a unique code or key to access secure systems.<\/li>\n<li><strong>Something you are<\/strong>: This refers to <strong>biometric information unique to the user<\/strong>, such as fingerprints, facial recognition, or voice patterns.<\/li>\n<\/ul>\n<p><strong><u>MFA Fatigue and How Cyber Criminals Use It<\/u><\/strong><\/p>\n<p>Once a threat actor has identified that an organization like Cooper uses MFA, they know they need access to three pieces of information: someone\u2019s user ID and password and the organization\u2019s MFA. The first step in MFA exploitation is getting access to a valid user ID and password. Most of the time, the threat actor tries to trick us into providing our user ID and password, primarily through phishing but also through phone calls, texts, etc. Other times, the threat actor will use the large databases of user credentials found on the dark web.<\/p>\n<p>Once the threat actor has access to a valid user ID or password, the next step is to overcome the organization\u2019s MFA. It is important to highlight that MFA is the final layer of security before the threat actor is in our networks. To gain access to a user&#8217;s MFA, threat actors send request after request to a user, hoping the user will get so frustrated at receiving the requests, they will eventually hit \u201capprove.\u201d Once that happens, the threat actor now has access to the Cooper network.<\/p>\n<p><strong><u>How to Identify MFA Fatigue and What You Can Do<\/u><\/strong><\/p>\n<p>Watch out for unexpected MFA requests or prompts that you did not initiate. Cyber criminals are trying to access your account without permission.<\/p>\n<p>If asked to use an MFA method outside of Cooper\u2019s policy or receive notifications about failed login attempts, it&#8217;s a sign that someone might be trying to bypass Cooper\u2019s security measures. It is important to monitor your accounts and keep an eye on your account for any unusual activity or changes you didn&#8217;t make, such as unfamiliar login locations or modifications to your MFA settings. Any changes you do not recognize or that were made without your knowledge may indicate a compromise.<\/p>\n<p>Report any suspicious MFA attempts to Cooper\u2019s <a href=\"mailto:InfoSec@CooperHealth.edu\">information security team<\/a> as soon as possible, as they can assist in identifying the concern and begin steps to secure your MFA.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multi-factor authentication (MFA) is an important security measure used to verify the identity of a user when accessing accounts, systems, or applications. Cooper uses MFA to protect our patients\u2019 information and secure access to life-saving technologies. MFA requires users to provide multiple pieces of evidence or factors to prove they are who they claim to &#8230; <span class=\"more\"><a class=\"more-link\" href=\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/\">[Read more&#8230;]<\/a><\/span><\/p>\n","protected":false},"author":64,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[1],"tags":[],"class_list":{"0":"entry","1":"post","2":"publish","3":"author-areed","4":"post-18460","6":"format-standard","7":"category-uncategorized"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations - Weekly Rounds<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations - Weekly Rounds\" \/>\n<meta property=\"og:description\" content=\"Multi-factor authentication (MFA) is an important security measure used to verify the identity of a user when accessing accounts, systems, or applications. Cooper uses MFA to protect our patients\u2019 information and secure access to life-saving technologies. MFA requires users to provide multiple pieces of evidence or factors to prove they are who they claim to ... [Read more...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/\" \/>\n<meta property=\"og:site_name\" content=\"Weekly Rounds\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-25T20:10:10+00:00\" \/>\n<meta name=\"author\" content=\"areed\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"areed\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/\",\"url\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/\",\"name\":\"Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations - Weekly Rounds\",\"isPartOf\":{\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#website\"},\"datePublished\":\"2023-07-25T20:10:10+00:00\",\"author\":{\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/ea8c42225a60ba5d9bd35d2fe732e79b\"},\"breadcrumb\":{\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#website\",\"url\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/\",\"name\":\"Weekly Rounds\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/ea8c42225a60ba5d9bd35d2fe732e79b\",\"name\":\"areed\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/50b7f61dca39b2bb96424b445bd69cfbeb333ddf397ba7ba9f819d0bae9a914e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/50b7f61dca39b2bb96424b445bd69cfbeb333ddf397ba7ba9f819d0bae9a914e?s=96&d=mm&r=g\",\"caption\":\"areed\"},\"url\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/author\/areed\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations - Weekly Rounds","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations - Weekly Rounds","og_description":"Multi-factor authentication (MFA) is an important security measure used to verify the identity of a user when accessing accounts, systems, or applications. Cooper uses MFA to protect our patients\u2019 information and secure access to life-saving technologies. MFA requires users to provide multiple pieces of evidence or factors to prove they are who they claim to ... [Read more...]","og_url":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/","og_site_name":"Weekly Rounds","article_published_time":"2023-07-25T20:10:10+00:00","author":"areed","twitter_card":"summary_large_image","twitter_misc":{"Written by":"areed","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/","url":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/","name":"Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations - Weekly Rounds","isPartOf":{"@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#website"},"datePublished":"2023-07-25T20:10:10+00:00","author":{"@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/ea8c42225a60ba5d9bd35d2fe732e79b"},"breadcrumb":{"@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2023\/07\/learn-how-cyber-criminals-use-multi-factor-authentication-fatigue-to-attack-organizations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/"},{"@type":"ListItem","position":2,"name":"Learn How Cyber Criminals Use Multi-Factor Authentication Fatigue to Attack Organizations"}]},{"@type":"WebSite","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#website","url":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/","name":"Weekly Rounds","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/ea8c42225a60ba5d9bd35d2fe732e79b","name":"areed","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/50b7f61dca39b2bb96424b445bd69cfbeb333ddf397ba7ba9f819d0bae9a914e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/50b7f61dca39b2bb96424b445bd69cfbeb333ddf397ba7ba9f819d0bae9a914e?s=96&d=mm&r=g","caption":"areed"},"url":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/author\/areed\/"}]}},"_links":{"self":[{"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/posts\/18460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/users\/64"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/comments?post=18460"}],"version-history":[{"count":1,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/posts\/18460\/revisions"}],"predecessor-version":[{"id":18462,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/posts\/18460\/revisions\/18462"}],"wp:attachment":[{"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/media?parent=18460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/categories?post=18460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/tags?post=18460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}