What Is Push-Bombing, and How Can It Be Prevented?


Cloud account theft has become a serious problem in many organizations. Think of all the systems and cloud apps your employees must sign in to each day, each with a different username and password combination, and often more than once.

Hackers use various techniques to gain login credentials. By impersonating users, attackers attempt to gain access to business data. Furthermore, these hackers may launch sophisticated attacks or send insider-phishing emails.

How significant is the account breach problem? Account takeover (ATO) increased by 307% between 2019 and 2021.

Multi-Factor Authentication Doesn't Prevent Credential Breaches

Many organizations and individuals use multi-factor authentication (MFA) as a safeguard against attackers who have gained access to the usernames and passwords of cloud accounts. MFA has proven itself effective over many years of protecting cloud accounts.

Push-bombing is one of the nefarious strategies hackers employ to bypass MFA.

What Is the Push-Bombing Technique?

When a user has MFA enabled on an account, they enter their login credentials, after which the system sends them an authorization request in the form of a code or prompt.

The MFA request typically arrives as a push notification, but it can be delivered in several ways:

  • SMS/text

  • Device popup

  • App notification

These notifications are a normal part of multi-factor authentication, and the user is familiar with them.

In a push-bombing attack, hackers begin by obtaining the victim's credentials, either through phishing or from data breaches containing password dumps. They then take advantage of the push notification process by trying to log in multiple times, which causes the legitimate user to receive multiple push notifications.

People often express surprise at receiving codes they did not request; when this occurs frequently, it can be easy to click "accept" accidentally.

Confusing the User

Hackers have learned to manipulate users into accepting MFA tokens as an entryway into their accounts.
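The pattern described above, a run of prompts the user did not request that ends in an accidental accept, can be picked out of MFA logs. The following is an added example, not part of the original article; the log layout, the five-minute window and the threshold of three are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed MFA log (timestamp, user, source IP, push outcome). The field
# layout is an assumption; IPs are from documentation ranges.
SAMPLE_LOG = """\
2024-05-01T09:00:05Z alice 198.51.100.7 push_denied
2024-05-01T09:00:41Z alice 198.51.100.7 push_timeout
2024-05-01T09:01:10Z bob 192.0.2.10 push_approved
2024-05-01T09:01:12Z alice 198.51.100.7 push_timeout
2024-05-01T09:01:50Z alice 198.51.100.7 push_denied
2024-05-01T09:02:30Z alice 198.51.100.7 push_approved
2024-05-01T13:15:00Z carol 192.0.2.44 push_denied
2024-05-01T13:15:20Z carol 192.0.2.44 push_approved
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 3                   # assumed burst size of unapproved prompts


def detect_push_bombing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, ip, severity, unapproved_count) alerts: "medium" when
    unapproved prompts reach the threshold inside the window, "high" when an
    approval follows such a burst (the user may have given in)."""
    recent = defaultdict(deque)   # user -> times of denied/timed-out prompts
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, ip, outcome = line.split()
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        q = recent[user]
        while q and ts - q[0] > window:   # forget prompts outside the window
            q.popleft()
        if outcome in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) == threshold:
                alerts.append((user, ip, "medium", len(q)))
        elif outcome == "push_approved":
            if len(q) >= threshold:
                alerts.append((user, ip, "high", len(q)))
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_LOG):
        print(alert)
```

A "high" alert is the case to act on first: the session opened by that approval should be revoked and the password reset, since the approval may not have been intentional.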

Knowledge Is Power

Push-bombing can be confusing and disruptive to users. By providing employees with educational materials before an attack takes place, you equip them to defend themselves effectively.

Tell your employees what push-bombing means and how it operates, and train them on what steps to take should they receive MFA notifications that they did not request.

Provide your staff with an easy way to report any attacks. Your IT team can then notify other users and take necessary measures to secure everyone's login data.

Reduce "Sprawl", or the Number of Business Apps

Employees typically access 36 different cloud services each day, and it can be difficult to keep track of all those logins. The more logins there are, the higher the risk that one or more will be compromised and used fraudulently.

Consider which applications your company uses, and consolidate them to reduce "app sprawl".

Platforms like Microsoft 365 or Google Workspace offer multiple tools with one login; simplifying your cloud environment can increase security and productivity.

Utilize MFA solutions that are resistant to phishing

By switching to a different form of MFA, you can effectively end push-bombing. Phishing-resistant MFA uses device keys or physical security keys as authentication mechanisms.

This form of authentication does not rely on push notifications. It requires more time and effort to set up, but its implementation increases security.

Hackers rely on user login credentials to send multiple push notifications, so by implementing strong password policies you can reduce the chances of your password becoming compromised.

Standard practices for creating strong password policies include:

  • Use at least one uppercase and one lowercase letter

  • Combine letters, numbers and symbols

  • Do not use personal information when creating passwords

  • Store passwords safely

  • Maintain a separate password for each account and do not reuse passwords across accounts

Install an Advanced Identity Management System

One way to prevent push-bombing is with advanced identity management solutions, which often combine all logins into one single sign-on page so users need only deal with one login and MFA prompt, rather than multiple.

Businesses can use identity management systems to implement contextual login policies. These policies add security by making access enforcement more flexible: the system can automatically block login attempts that come from outside a specified geographical region, or that fail to meet the criteria for certain other contextual factors.
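A sketch of how such a contextual policy interacts with push-bombing, as an added example that is not from the original article or any specific identity product. The policy keys, the device inventory, the `ZZ` country code and the attempt fields are all hypothetical. Because the check runs before any MFA prompt is issued, a blocked attempt never produces a notification on the user's phone.

```python
from dataclasses import dataclass

# Hypothetical policy; real identity platforms use their own schema.
POLICY = {
    "allowed_countries": {"US", "CA"},     # assumed region
    "require_known_device": True,
    "allowed_hours_utc": range(12, 24),    # assumed working hours
}
KNOWN_DEVICES = {"alice": {"laptop-01"}}    # constructed device inventory


@dataclass
class Attempt:
    user: str
    country: str      # from IP geolocation
    device_id: str
    hour_utc: int


def evaluate(attempt, policy=POLICY, known=KNOWN_DEVICES):
    """Return (decision, reasons) for a login whose password was correct.

    Runs before any MFA prompt is sent, so a blocked attempt never
    reaches the user's phone.
    """
    reasons = []
    if attempt.country not in policy["allowed_countries"]:
        reasons.append("outside_region")
    if policy["require_known_device"] and \
            attempt.device_id not in known.get(attempt.user, set()):
        reasons.append("unknown_device")
    if attempt.hour_utc not in policy["allowed_hours_utc"]:
        reasons.append("outside_hours")
    return ("block" if reasons else "send_mfa_prompt"), reasons


def prompts_sent(attempts):
    """Count how many attempts would result in a push to the user."""
    return sum(evaluate(a)[0] == "send_mfa_prompt" for a in attempts)


# Constructed burst: 20 logins with a stolen password from an unknown device
# outside the allowed region, followed by the real user's own login.
BURST = [Attempt("alice", "ZZ", "unknown-7f", 3)] * 20
LEGIT = Attempt("alice", "US", "laptop-01", 14)
```

With this policy, `prompts_sent(BURST + [LEGIT])` is 1: only the user's own login generates a prompt.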

Are You Seeking Help to Strengthen Identity & Access Security?

Multi-factor authentication alone will not ensure adequate protection in the cloud environment; to reduce the risk of a breach, additional layers of security must also be implemented.

Need assistance with access security? Get in touch with us right away to arrange a meeting.