Deceptive MFA Prompts

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls

Name of Element: Deceptive MFA Prompts

Description of Element:

Goal: Disrupt and delay attackers attempting to bypass Multi-Factor Authentication (MFA).

Approach: Presenting attackers with deceptive MFA prompts.

When an attacker attempts to log in, present them with an unexpected MFA prompt, even if they have valid credentials. This can be a fake push notification, a request for a non-existent biometric scan, or a challenge question with no right answer.

Technical Context:

This element requires integration with the MFA system. The goal is to confuse the attacker, make them believe they have the wrong credentials, or simply buy time for incident response. This aligns with the MITRE ATT&CK technique T1566.001 (Phishing: Spearphishing Attachment).

Other:

Combine this with delayed responses to the fake MFA prompts to further frustrate and slow down attackers.
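A sketch of how the decoy flow and the delayed responses could fit together, as an added example that is not part of the original page or of any MFA product. The class `DeceptiveMfaGate`, the decoy account, the flagged source address and the delay values are all constructed assumptions; only sessions that are already high-confidence hostile (a honeytoken account or a source flagged by detection) are routed to the decoy, so legitimate users still get the real MFA flow.

```python
from dataclasses import dataclass, field

# Constructed sample data (assumptions, not from the page).
DECOY_ACCOUNTS = {"svc-backup-legacy"}   # honeytoken accounts with no legitimate user
FLAGGED_SOURCES = {"203.0.113.50"}       # sources already flagged by detection/IR
DECOY_PROMPTS = ["push", "biometric", "challenge_question"]  # prompt types named on the page
BASE_DELAY_S, MAX_DELAY_S = 2.0, 30.0
GENERIC_FAILURE = "Verification failed. Please try again."  # same text as a real failure


@dataclass
class DeceptiveMfaGate:
    alerts: list = field(default_factory=list)    # stand-in for a SIEM/IR queue
    attempts: dict = field(default_factory=dict)  # (user, src_ip) -> decoy answers seen

    def start(self, user: str, src_ip: str) -> dict:
        """Choose the MFA flow after the password check has succeeded."""
        if user not in DECOY_ACCOUNTS and src_ip not in FLAGGED_SOURCES:
            return {"flow": "real", "prompt": "push"}
        n = self.attempts.get((user, src_ip), 0)
        if n == 0:  # raise the first alert as soon as the decoy flow begins
            self.alerts.append({"event": "decoy_mfa_started",
                                "user": user, "src_ip": src_ip})
        # Rotate prompt types so the flow resembles ordinary step-up behaviour.
        return {"flow": "decoy", "prompt": DECOY_PROMPTS[n % len(DECOY_PROMPTS)]}

    def answer_decoy(self, user: str, src_ip: str, response: str) -> dict:
        """A decoy challenge never succeeds; each attempt waits longer."""
        key = (user, src_ip)
        n = self.attempts.get(key, 0) + 1
        self.attempts[key] = n
        delay = min(BASE_DELAY_S * 2 ** (n - 1), MAX_DELAY_S)
        # Log the attempt for responders; store only the response length.
        self.alerts.append({"event": "decoy_mfa_answer", "user": user,
                            "src_ip": src_ip, "attempt": n,
                            "response_len": len(response)})
        # The caller waits delay_s seconds before sending this reply.
        return {"ok": False, "message": GENERIC_FAILURE, "delay_s": delay}
```

The delay is returned rather than slept on so the web tier can apply it without blocking a worker, and the failure message matches a real MFA failure so the decoy is not distinguishable by its wording.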
