{"id":15418,"date":"2023-06-30T12:00:00","date_gmt":"2023-06-30T12:00:00","guid":{"rendered":"https:\/\/integritech.io\/?p=15418"},"modified":"2023-05-03T15:45:59","modified_gmt":"2023-05-03T15:45:59","slug":"what-is-push-bombing-how-can-you-prevent-it","status":"publish","type":"post","link":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/","title":{"rendered":"What Is Push-Bombing &amp; How Can You Prevent It?"},"content":{"rendered":"<p>Cloud account takeover has become a major problem for organizations. Think about how much work your company does that requires a username and password. Employees end up having to log into many different systems or cloud apps.<\/p><p>Hackers use various methods to get those login credentials. The goal is to gain access to business data as a user. As well as launch sophisticated attacks, and send insider phishing emails.<\/p><p>How bad has the problem of account breaches become? Between 2019 and 2021, account takeover (ATO) <a href=\"https:\/\/resources.sift.com\/ebook\/q3-2021-digital-trust-safety-index-battling-new-breed-account-takeover\/\" target=\"_blank\" rel=\"noreferrer noopener\">rose by 307%.<\/a><\/p><h3 class=\"wp-block-heading\">Doesn\u2019t Multi-Factor Authentication Stop Credential Breaches?<\/h3><p>Many organizations and individuals use multi-factor authentication (MFA). It&#8217;s a way to stop attackers that have gained access to their usernames and passwords. MFA is very effective at protecting cloud accounts and has been for many years.<\/p><p>But it\u2019s that effectiveness that has spurred workarounds by hackers. One of these nefarious ways to get around MFA is push-bombing.<\/p><h2 class=\"wp-block-heading\">How Does Push-Bombing Work?<\/h2><p>When a user enables MFA on an account, they typically receive a code or authorization prompt of some type. The user enters their login credentials. Then the system sends an authorization request to the user to complete their login.<\/p><p>The MFA code or approval request will usually come through some type of \u201cpush\u201d message. Users can receive it in a few ways:<\/p><ul><li>SMS\/text<\/li><li>A device popup<\/li><li>An app notification<\/li><\/ul><p>Receiving that notification is a normal part of the multi-factor authentication login. It\u2019s something the user would be familiar with.<\/p><p>With push-bombing, hackers start with the user\u2019s credentials. They may get them through phishing or from a large data breach password dump.<\/p><p>They take advantage of that push notification process. Hackers attempt to log in many times. This sends the legitimate user several push notifications, one after the other.<\/p><p>Many people question the receipt of an unexpected code that they didn\u2019t request. But when someone is bombarded with these, it can be easy to mistakenly click to approve access.<\/p><p>Push-bombing is a form of social engineering attack designed to:<\/p><ul><li>Confuse the user<\/li><li>Wear the user down<\/li><li>Trick the user into approving the MFA request to give the hacker access<\/li><\/ul><h2 class=\"wp-block-heading\">Ways to Combat Push-Bombing at Your Organization<\/h2><p><\/p><h3 class=\"wp-block-heading\">Educate Employees<\/h3><p>Knowledge is power. When a user experiences a push-bombing attack it can be disruptive and confusing. If employees have education beforehand, they\u2019ll be better prepared to defend themselves.<\/p><p>Let employees know what push-bombing is and how it works. Provide them with training on what to do if they receive MFA notifications they didn\u2019t request.<\/p><p>You should also give your staff a way to report these attacks. This enables your IT security team to alert other users. They can then also take steps to secure everyone\u2019s login credentials.<\/p><h3 class=\"wp-block-heading\">Reduce Business App \u201cSprawl\u201d<\/h3><p>On average, employees use <a href=\"https:\/\/www.cloudzero.com\/blog\/cloud-computing-statistics\" target=\"_blank\" rel=\"noreferrer noopener\">36 different<\/a> cloud-based services per day. That\u2019s a lot of logins to keep up with. The more logins someone has to use, the greater the risk of a stolen password.<\/p><p>Take a look at how many applications your company uses. Look for ways to reduce app \u201csprawl\u201d by consolidating. Platforms like Microsoft 365 and Google Workspace offer many tools behind one login. Streamlining your cloud environment improves security and productivity.<\/p><h3 class=\"wp-block-heading\">Adopt Phishing-Resistant MFA Solutions<\/h3><p>You can thwart push-bombing attacks altogether by moving to a different form of MFA. Phishing-resistant MFA uses a device passkey or physical security key for authentication.<\/p><p>There is no push notification to approve with this type of authentication. This solution is more complex to set up, but it\u2019s also more secure than text or app-based MFA.<\/p><h3 class=\"wp-block-heading\">Enforce Strong Password Policies<\/h3><p>For hackers to send several push-notifications, they need to have the user\u2019s login. Enforcing strong password policies reduces the chance that a password will get breached.<\/p><p>Standard practices for strong password policies include:<\/p><ul><li>Using at least one upper and one lower-case letter<\/li><li>Using a combination of letters, numbers, and symbols<\/li><li>Not using personal information to create a password<\/li><li>Storing passwords securely<\/li><li>Not reusing passwords across several accounts<\/li><\/ul><h3 class=\"wp-block-heading\">Put in Place an Advanced Identity Management Solution<\/h3><p>Advanced identity management solutions can also help you prevent push-bombing attacks. They will typically combine all logins through a single sign-on solution. Users, then have just one login and MFA prompt to manage, rather than several.<\/p><p>Additionally, businesses can use identity management solutions to install contextual login policies. These enable a higher level of security by adding access enforcement flexibility. The system could automatically block login attempts outside a desired geographic area. It could also block logins during certain times or when other contextual factors aren\u2019t met.<\/p><h2 class=\"wp-block-heading\">Do You Need Help Improving Your Identity &amp; Access Security?<\/h2><p>Multi-factor authentication alone isn\u2019t enough. Companies need several layers of protection to reduce their risk of a cloud breach.<\/p><p>Are you looking for some help to reinforce your access security? Give us a call today to schedule a chat.<\/p><p><\/p><p>&#8212;<br><a href=\"https:\/\/pixabay.com\/vectors\/attack-unsecured-laptop-hacker-6806140\/\" target=\"_blank\" rel=\"noreferrer noopener\">Featured Image Credit<\/a><\/p><p>This Article has been Republished with Permission from <a rel=\"canonical noopener\" href=\"https:\/\/thetechnologypress.com\/what-is-push-bombing-how-can-you-prevent-it\/\" title=\"What Is Push-Bombing &amp; How Can You Prevent It?\" target=\"_blank\">The Technology Press.<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Cloud account takeover has become a major problem for organizations. Think about how much work your company does that requires a username and password. Employees end up having to log into many different systems or cloud apps. Hackers use various methods to get those login credentials. The goal is to gain access to business data [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":15419,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[46],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Is Push-Bombing &amp; How Can You Prevent It? | IntegriTech<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is Push-Bombing &amp; How Can You Prevent It? | IntegriTech\" \/>\n<meta property=\"og:description\" content=\"Cloud account takeover has become a major problem for organizations. Think about how much work your company does that requires a username and password. Employees end up having to log into many different systems or cloud apps. Hackers use various methods to get those login credentials. The goal is to gain access to business data [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/\" \/>\n<meta property=\"og:site_name\" content=\"IntegriTech\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-30T12:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-03T15:45:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/integritech.io\/wp-content\/uploads\/2023\/05\/What-Is-Push-Bombing-How-Can-You-Prevent-It-Featured-Image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"925\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jason Robinson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jason Robinson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/\",\"url\":\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/\",\"name\":\"What Is Push-Bombing &amp; How Can You Prevent It? | IntegriTech\",\"isPartOf\":{\"@id\":\"https:\/\/integritech.io\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/integritech.io\/wp-content\/uploads\/2023\/05\/What-Is-Push-Bombing-How-Can-You-Prevent-It-Featured-Image.png\",\"datePublished\":\"2023-06-30T12:00:00+00:00\",\"dateModified\":\"2023-05-03T15:45:59+00:00\",\"author\":{\"@id\":\"https:\/\/integritech.io\/#\/schema\/person\/97c5ec1aca8048d53ccce801a48953dd\"},\"breadcrumb\":{\"@id\":\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#breadcrumb\"},\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#primaryimage\",\"url\":\"https:\/\/integritech.io\/wp-content\/uploads\/2023\/05\/What-Is-Push-Bombing-How-Can-You-Prevent-It-Featured-Image.png\",\"contentUrl\":\"https:\/\/integritech.io\/wp-content\/uploads\/2023\/05\/What-Is-Push-Bombing-How-Can-You-Prevent-It-Featured-Image.png\",\"width\":1280,\"height\":925,\"caption\":\"Free Attack Unsecured vector and picture\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/integritech.io\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is Push-Bombing &amp; How Can You Prevent It?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/integritech.io\/#website\",\"url\":\"https:\/\/integritech.io\/\",\"name\":\"IntegriTech\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/integritech.io\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/integritech.io\/#\/schema\/person\/97c5ec1aca8048d53ccce801a48953dd\",\"name\":\"Jason Robinson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/integritech.io\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/00cca46f716da992a5db40175b0d502e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/00cca46f716da992a5db40175b0d502e?s=96&d=mm&r=g\",\"caption\":\"Jason Robinson\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is Push-Bombing &amp; How Can You Prevent It? | IntegriTech","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/","og_locale":"en_US","og_type":"article","og_title":"What Is Push-Bombing &amp; How Can You Prevent It? | IntegriTech","og_description":"Cloud account takeover has become a major problem for organizations. Think about how much work your company does that requires a username and password. Employees end up having to log into many different systems or cloud apps. Hackers use various methods to get those login credentials. The goal is to gain access to business data [&hellip;]","og_url":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/","og_site_name":"IntegriTech","article_published_time":"2023-06-30T12:00:00+00:00","article_modified_time":"2023-05-03T15:45:59+00:00","og_image":[{"width":1280,"height":925,"url":"https:\/\/integritech.io\/wp-content\/uploads\/2023\/05\/What-Is-Push-Bombing-How-Can-You-Prevent-It-Featured-Image.png","type":"image\/png"}],"author":"Jason Robinson","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jason Robinson","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/","url":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/","name":"What Is Push-Bombing &amp; How Can You Prevent It? | IntegriTech","isPartOf":{"@id":"https:\/\/integritech.io\/#website"},"primaryImageOfPage":{"@id":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#primaryimage"},"image":{"@id":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#primaryimage"},"thumbnailUrl":"https:\/\/integritech.io\/wp-content\/uploads\/2023\/05\/What-Is-Push-Bombing-How-Can-You-Prevent-It-Featured-Image.png","datePublished":"2023-06-30T12:00:00+00:00","dateModified":"2023-05-03T15:45:59+00:00","author":{"@id":"https:\/\/integritech.io\/#\/schema\/person\/97c5ec1aca8048d53ccce801a48953dd"},"breadcrumb":{"@id":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#breadcrumb"},"inLanguage":"en","potentialAction":[{"@type":"ReadAction","target":["https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/"]}]},{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#primaryimage","url":"https:\/\/integritech.io\/wp-content\/uploads\/2023\/05\/What-Is-Push-Bombing-How-Can-You-Prevent-It-Featured-Image.png","contentUrl":"https:\/\/integritech.io\/wp-content\/uploads\/2023\/05\/What-Is-Push-Bombing-How-Can-You-Prevent-It-Featured-Image.png","width":1280,"height":925,"caption":"Free Attack Unsecured vector and picture"},{"@type":"BreadcrumbList","@id":"https:\/\/integritech.io\/what-is-push-bombing-how-can-you-prevent-it\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/integritech.io\/"},{"@type":"ListItem","position":2,"name":"What Is Push-Bombing &amp; How Can You Prevent It?"}]},{"@type":"WebSite","@id":"https:\/\/integritech.io\/#website","url":"https:\/\/integritech.io\/","name":"IntegriTech","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/integritech.io\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en"},{"@type":"Person","@id":"https:\/\/integritech.io\/#\/schema\/person\/97c5ec1aca8048d53ccce801a48953dd","name":"Jason Robinson","image":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/integritech.io\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/00cca46f716da992a5db40175b0d502e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/00cca46f716da992a5db40175b0d502e?s=96&d=mm&r=g","caption":"Jason Robinson"}}]}},"_links":{"self":[{"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/posts\/15418"}],"collection":[{"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/comments?post=15418"}],"version-history":[{"count":1,"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/posts\/15418\/revisions"}],"predecessor-version":[{"id":15420,"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/posts\/15418\/revisions\/15420"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/media\/15419"}],"wp:attachment":[{"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/media?parent=15418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/categories?post=15418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/integritech.io\/wp-json\/wp\/v2\/tags?post=15418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}