InnerCircle Client Advisory: Introducing MFA Number Matching:

A Proactive Change to Protect Users from MFA Fatigue Attacks

Summary

In partnership with Microsoft, InnerCircle has taken a significant step to shield its customers from an increasingly common type of cyberattack known as multi-factor authentication (MFA) fatigue.

This attack strategy works when a bad actor, using login information illegally obtained through methods like phishing and other types of credential compromise, inundates individuals with a flood of multi-factor authentication requests to access their account. Being bombarded by these requests can often lead individuals to unintentionally approve access requests made by the attacker, either by mistake or out of frustration with the relentless app notifications. In turn, this allows hackers to gain access to their accounts. Cyber criminals, such as Lapsus$ and Yanluowang, have used this method to infiltrate major organizations, including Microsoft, Cisco, and Uber.

To combat this, Microsoft has created, and we have implemented, a system called "number matching" in its Microsoft Authenticator mobile application. Number matching is a significant security improvement to the traditional second-factor notifications in the Microsoft Authenticator app. 

In the image below, you can see what the new Microsoft Authenticator app number matching system will look like:

Figure 1: Microsoft MFA number matching (Microsoft)
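
The prompt flood described in the Summary leaves a recognizable trace in authentication logs: many unanswered or denied prompts for one user in a short time, sometimes ending in an approval. The following Python is an added example of how a defender could flag that pattern; it is not InnerCircle's or Microsoft's code. The event format, the result values, the 10-minute window and the threshold of 5 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO time, user, prompt result).
# The field layout and the result values are hypothetical.
SAMPLE_EVENTS = [
    ("2023-03-01T02:14:05", "alice", "denied"),
    ("2023-03-01T02:14:40", "alice", "timeout"),
    ("2023-03-01T02:15:10", "alice", "denied"),
    ("2023-03-01T02:15:55", "alice", "timeout"),
    ("2023-03-01T02:16:30", "alice", "timeout"),
    ("2023-03-01T02:17:02", "alice", "timeout"),
    ("2023-03-01T02:17:45", "alice", "approved"),  # approval that ends the flood
    ("2023-03-01T09:00:10", "bob", "denied"),      # one mistaken tap, then a
    ("2023-03-01T09:00:40", "bob", "approved"),    # normal sign-in: not a flood
]


def find_fatigue_patterns(events, window=timedelta(minutes=10), threshold=5):
    """Flag users who receive `threshold` or more unapproved MFA prompts
    within `window`, and any approval that directly follows such a burst.

    Returns a list of (user, kind, time, prompt_count) tuples.
    """
    recent = defaultdict(deque)  # user -> times of unapproved prompts in window
    findings = []
    for ts, user, result in sorted(events):  # ISO timestamps sort by time
        now = datetime.fromisoformat(ts)
        prompts = recent[user]
        # Drop prompts that have aged out of the sliding window.
        while prompts and now - prompts[0] > window:
            prompts.popleft()
        if result == "approved":
            # Highest-priority signal: an approval right after a burst.
            if len(prompts) >= threshold:
                findings.append((user, "approved_after_flood", ts, len(prompts)))
            prompts.clear()
        else:
            prompts.append(now)
            # Report once, at the moment the burst reaches the threshold.
            if len(prompts) == threshold:
                findings.append((user, "prompt_flood", ts, threshold))
    return findings


if __name__ == "__main__":
    for finding in find_fatigue_patterns(SAMPLE_EVENTS):
        print(finding)
```

An `approved_after_flood` finding is the one to act on first, since it means the account may already have been accessed.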

Employee Communication

We ask that you broadly communicate these changes to the individual members of your organization. As always, if any IT issues arise from this change you may contact our First Response Group via email at helpdesk@innercircleit.com.
