Show in Graph
Common Information
Type Value
Value 
Multi-Factor Authentication - T1556.006
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may disable or modify multi-factor authentication (MFA) mechanisms to enable persistent access to compromised accounts. Once adversaries have gained access to a network by either compromising an account lacking MFA or by employing an MFA bypass method such as [Multi-Factor Authentication Request Generation](https://attack.mitre.org/techniques/T1621), adversaries may leverage their access to modify or completely disable MFA defenses. This can be accomplished by abusing legitimate features, such as excluding users from Azure AD Conditional Access Policies, registering a new yet vulnerable/adversary-controlled MFA method, or by manually patching MFA programs and configuration files to bypass expected functionality.(Citation: Mandiant APT42)(Citation: Azure AD Conditional Access Exclusions) For example, modifying the Windows hosts file (`C:\windows\system32\drivers\etc\hosts`) to redirect MFA calls to localhost instead of an MFA server may cause the MFA process to fail. If a "fail open" policy is in place, any otherwise successful authentication attempt may be granted access without enforcing MFA. (Citation: Russians Exploit Default MFA Protocol - CISA March 2022) Depending on the scope, goals, and privileges of the adversary, MFA defenses may be disabled for individual accounts or for all accounts tied to a larger group, such as all domain accounts in a victim's network environment.(Citation: Russians Exploit Default MFA Protocol - CISA March 2022)
Details Published Attributes CTI Title
Details Website 2024-11-10 0 Solid Security Pro Review
Details Website 2024-11-10 0 Top 5 Cybersecurity Best Practices Every Business Should Follow
Details Website 2024-11-10 0 Building a Resilient Cloud: Essential AWS Security Services Explained
Details Website 2024-11-10 2 Go Without MFA or Data Backups: Which is Worse? | Grip
Details Website 2024-11-10 1 Understanding Cybersecurity: How to Protect Yourself from Online Threats in 2024
Details Website 2024-11-10 1 Alphabay’s Growing Influence on the Dark Web: What You Need to Know
Details Website 2024-11-10 1 The Top 10 Dark Web Marketplaces in 2024: An Insight into Hidden Online Platforms
Details Website 2024-11-10 0 Modern Authentication Overview and Use Cases
Details Website 2024-11-09 19 TRACKING RANSOMWARE : OCTOBER 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-11-09 0 One Reset Away from Ruin: The Hidden Threat in Your Inbox
Details Website 2024-11-09 0 Insider Threats: The Hidden Dangers Within Your Organization
Details Website 2024-11-09 1 Rudiments of Cyber Security: The CIA Triad
Details Website 2024-11-09 0 Access, and why you need less of it..
Details Website 2024-11-09 0 Zero-Trust Cybersecurity Frameworks in Academia: Protecting Research and Data in the Digital Age
Details Website 2024-11-09 0 The Role of Cybersecurity in Business Trust and Growth
Details Website 2024-11-09 0 Spy-Curious About Security?
Details Website 2024-11-09 0 The Symbiotic Relationship Between Cybersecurity Frameworks and Controls
Details Website 2024-11-08 0 Cloud Security Best Practices
Details Website 2024-11-08 0 Zero Trust Architecture: The Cybersecurity Revolution Redefining Trust
Details Website 2024-11-08 0 STRIDE-Threat Modelling Methodology
Details Website 2024-11-08 5 The Impact of Global Malware Attacks on Cybersecurity Strategies
Details Website 2024-11-08 0 New Healthcare Cybersecurity Bill Introduced: HISAA Explained | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-11-08 5 Cybersecurity News Review — Week 45
Details Website 2024-11-08 0 Did London Drugs cyber attack help prep other BC retailers? | #cybercrime | #infosec | National Cyber Security Consulting
Details Website 2024-11-08 0 Google To Make MFA Mandatory for Google Cloud in 2025