
What is MFA Bombing?

This attack technique consists of someone attempting to access a corporate network as the user. They will have already obtained the username and password via a phishing link or fake website, and the last hurdle they need to overcome is the second authentication factor. In most cases the user is sent notifications asking them to approve an MFA request; this is done in a few ways:

  • Sending a large number of MFA requests, hoping the target accepts one of them to stop the constant pinging of their phone (late at night, for example). 
  • Sending only one or two more targeted MFA requests per day, which attracts the user’s attention less but can still succeed if the request is believed to be genuine. 
  • In some very rare cases there have even been phone calls to a target from someone pretending to be an employee of their company, in order to gain the user’s trust. They say they will be sending an MFA request and ask the user to approve it or read back the code displayed. 

If the user is tricked into believing that the request comes from the company and taps the notification to approve it, the threat actor gains access to the organisation’s systems. Always be vigilant when approving these requests.
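One way a defender can spot the burst pattern described above in identity-provider push logs, as an added example that is not part of the original page (the log format, field names, sample entries and thresholds are all assumptions):

```python
"""Flag MFA-fatigue bursts in push-notification logs (added example).

The log format is constructed for illustration: one event per line as
"<ISO timestamp> <user> <push_result>", where push_result is APPROVED,
DENIED or TIMEOUT. Real identity providers use their own field names.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: alice is bombed at 02:10 and finally approves.
SAMPLE_LOG = """\
2024-03-01T02:10:05 alice DENIED
2024-03-01T02:10:40 alice TIMEOUT
2024-03-01T02:11:12 alice DENIED
2024-03-01T02:11:50 alice TIMEOUT
2024-03-01T02:12:30 alice DENIED
2024-03-01T02:13:01 alice APPROVED
2024-03-01T09:00:00 bob APPROVED
2024-03-01T09:15:00 bob DENIED
"""

BURST_THRESHOLD = 3              # unapproved pushes inside one window = a burst
WINDOW = timedelta(minutes=10)   # sliding window length (assumed tuning value)


def parse_log(text):
    """Parse the constructed log format into (timestamp, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, result = line.split()
        events.append((datetime.fromisoformat(ts), user, result))
    return events


def find_mfa_bombing(events, threshold=BURST_THRESHOLD, window=WINDOW):
    """Return {user: (peak_unapproved_in_window, approved_during_burst)}.

    An approval that lands while a burst is still inside the window is the
    'fatigue succeeded' signal and should be treated as a likely compromise.
    """
    recent = defaultdict(list)   # user -> timestamps of unapproved pushes
    findings = {}
    for ts, user, result in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:   # expire pushes older than the window
            q.pop(0)
        if result != "APPROVED":
            q.append(ts)
            if len(q) >= threshold:
                peak, approved = findings.get(user, (0, False))
                findings[user] = (max(peak, len(q)), approved)
        elif len(q) >= threshold:         # approval while a burst is active
            findings[user] = (findings[user][0], True)
    return findings
```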
