While properly configured multi-factor authentication (MFA) stops the majority of authentication/authorization attacks, simple misconfigurations or user missteps can lead to catastrophe. Attackers are exploiting these gaps to commandeer user accounts.

To combat this, Abnormal has enhanced its Account Takeover Protection add-on, analyzing thousands of signals to detect the hallmarks of an MFA Bypass attack, whether the attack takes the form of:

• Phishing-initiated MFA Bypass;
• Weakening MFA Authentication;
• Exploitation of Authorized MFA Exception; or
• Session Reuse/Hijacking

As with all detection types in Account Takeover Protection, an Abnormal Case will then immediately be opened when MFA Bypass is detected, so threats can be identified, investigated, and quickly remediated.