Common Information
| Type | Value |
|---|---|
| Value |
Multi-Factor Authentication - T1556.006 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may disable or modify multi-factor authentication (MFA) mechanisms to enable persistent access to compromised accounts. Once adversaries have gained access to a network by either compromising an account lacking MFA or by employing an MFA bypass method such as [Multi-Factor Authentication Request Generation](https://attack.mitre.org/techniques/T1621), adversaries may leverage their access to modify or completely disable MFA defenses. This can be accomplished by abusing legitimate features, such as excluding users from Azure AD Conditional Access Policies, registering a new yet vulnerable/adversary-controlled MFA method, or by manually patching MFA programs and configuration files to bypass expected functionality.(Citation: Mandiant APT42)(Citation: Azure AD Conditional Access Exclusions) For example, modifying the Windows hosts file (`C:\windows\system32\drivers\etc\hosts`) to redirect MFA calls to localhost instead of an MFA server may cause the MFA process to fail. If a "fail open" policy is in place, any otherwise successful authentication attempt may be granted access without enforcing MFA. (Citation: Russians Exploit Default MFA Protocol - CISA March 2022) Depending on the scope, goals, and privileges of the adversary, MFA defenses may be disabled for individual accounts or for all accounts tied to a larger group, such as all domain accounts in a victim's network environment.(Citation: Russians Exploit Default MFA Protocol - CISA March 2022) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-13 | 0 | Mobile Application Penetration Testing Checklist | ||
| Details | Website | 2024-11-13 | 2 | Top Bot Attack Predictions for Holiday Sales 2024 | ||
| Details | Website | 2024-11-13 | 0 | Automating Identity and Access Management for Modern Enterprises - GBHackers Security | #1 Globally Trusted Cyber Security News Platform | ||
| Details | Website | 2024-11-13 | 0 | 2024’s Most Common Cyber Threats and How to Defend Against Them | ||
| Details | Website | 2024-11-13 | 2 | Major Cyber Attacks in Review: October 2024 - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-11-13 | 0 | Warning: Online shopping threats to avoid this Black Friday and Cyber Monday | ||
| Details | Website | 2024-11-13 | 0 | Warning: Online shopping threats to avoid this Black Friday and Cyber Monday | Malwarebytes | ||
| Details | Website | 2024-11-13 | 0 | How to Protect Yourself and Your Business from Cyber Attacks in 2025 | ||
| Details | Website | 2024-11-13 | 0 | The Top 5 Cybersecurity Threats in 2024 — And How to Defend Against Them | ||
| Details | Website | 2024-11-13 | 5 | Major Cyber Attacks in Review: October 2024 | ||
| Details | Website | 2024-11-13 | 0 | Advanced Cybersecurity Solutions with Expert Managed Services | ||
| Details | Website | 2024-11-13 | 2 | Your Guide to Bad Bots Management | ||
| Details | Website | 2024-11-13 | 5 | Australian Cyber Security Center Reports 2023 Vulnerabilities | ||
| Details | Website | 2024-11-13 | 0 | Authentication Vulnerabilities | ||
| Details | Website | 2024-11-13 | 0 | Fake Job Ads and Fake Identities: How North Korea Gets Its Hands on Our Data | ||
| Details | Website | 2024-11-13 | 0 | Mitigating Cybersecurity Threats in Channel Partner Management | ||
| Details | Website | 2024-11-13 | 0 | The Department Of Labor's Expanded Cybersecurity Guidance: What ERISA Plan Sponsors And Fiduciaries Need To Know - Security - Technology | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
| Details | Website | 2024-11-13 | 0 | Cybersecurity Trends For 2024 | ||
| Details | Website | 2024-11-13 | 0 | Ransomware Protection: Lessons from the Playbook | ||
| Details | Website | 2024-11-13 | 7 | New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration - CyberSRC | ||
| Details | Website | 2024-11-13 | 0 | Specific Security Cases About Websites Without Anti-Bot Solutions | ||
| Details | Website | 2024-11-13 | 0 | US indicts Snowflake hackers who extorted $2.5 million from 3 victims | ||
| Details | Website | 2024-11-13 | 0 | Security Service Edge (SSE): The Ultimate Guide to Enhancing Data Protection | ||
| Details | Website | 2024-11-12 | 0 | Identity is the New Perimeter: An Infostealer Perspective - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-11-12 | 8 | Evilginx on DigitalOcean |