Nov 2022 – Fatigued?

There have been a number of articles recently describing yet another hacking technique, one that relies on what is termed “MFA Fatigue”. Here the hacker already has the victim’s cloud service credentials and encounters the MFA challenge. Where ‘push’ notifications are configured, the hacker will trigger multiple ‘push’ notifications in the hope that the victim will eventually tire and just click ‘accept’ when the latest in a long series of notifications is presented.
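A detection sketch for the pattern described above, added here as an example and not taken from the articles or the CISA fact sheets: it flags a user who receives a burst of denied or timed-out push prompts, and escalates if an approval follows that burst. The log format, outcome names, 10-minute window and threshold of 4 are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from any real product): ISO time, user, push outcome.
SAMPLE_EVENTS = """\
2022-11-03T02:10:05 alice denied
2022-11-03T02:10:40 alice timeout
2022-11-03T02:11:15 alice denied
2022-11-03T02:12:02 alice timeout
2022-11-03T02:13:30 alice timeout
2022-11-03T02:14:01 alice approved
2022-11-03T09:00:10 bob timeout
2022-11-03T09:00:45 bob approved
2022-11-03T08:00:00 carol denied
2022-11-03T11:00:00 carol denied
2022-11-03T14:00:00 carol denied
2022-11-03T17:00:00 carol denied
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 4                   # assumed number of unapproved prompts that is suspicious

def parse(text):
    """Yield (timestamp, user, outcome) tuples from the constructed log format."""
    for line in text.strip().splitlines():
        ts, user, outcome = line.split()
        yield datetime.fromisoformat(ts), user, outcome

def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return (user, time, kind) alerts; kind is 'burst' or 'approved_after_burst'."""
    recent = defaultdict(deque)  # user -> times of denied/timed-out prompts in window
    alerts = []
    for ts, user, outcome in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts older than the window
            q.popleft()
        if outcome in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:       # alert once, when the burst is first reached
                alerts.append((user, ts, "burst"))
        elif outcome == "approved":
            if len(q) >= threshold:       # approval on the tail of a burst: likely fatigue
                alerts.append((user, ts, "approved_after_burst"))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(parse(SAMPLE_EVENTS)):
        print(alert)
```

In this constructed data only alice is flagged; bob's single missed prompt and carol's prompts spread over the day stay below the threshold.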

The American Cybersecurity and Infrastructure Security Agency (CISA) has issued a couple of useful fact sheets aimed at defeating MFA fatigue:

https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf

https://www.cisa.gov/sites/default/files/publications/fact-sheet-implement-number-matching-in-mfa-applications-508c.pdf