A security consultant notices an attacker sending many authorization requests to a user’s mobile device. The user concedes after receiving so many notifications and taps the approval. Which tactic describes overwhelming a target with repeated prompts to gain access?
Generating numerous approval messages, anticipating a user will agree to end the constant alerts
Leveraging reused hashes from a cached system to bypass additional login prompts
Embedding a macro within a file so that the code executes without repeated user interaction
Pilfering high-level tickets from a domain controller for unrestricted account impersonation
Repeated prompts rely on user annoyance. Eventually, the user taps accept, relinquishing security controls. This is different from planting malicious macros or capturing credentials from a server, which do not rely on flooding the user’s device with requests. Stealing a hash also differs because it uses existing credentials, not user exhaustion.