WatchGuard Blog

Boost security for your Mac customers against MFA bombing campaigns

It all started when I began receiving multiple notifications on my Mac asking me to approve an authentication request. I ignored them at first, thinking it was a system error. But they kept popping up again and again, until they started interfering with my work. I was busy so I didn't stop to investigate. Then I received a phone call from a person claiming to be from my company's IT support team. He told me that to fix the “bug” and stop the flow of notifications, he needed me to tell them the one-time password that had just appeared on my screen. I gave them the code, hoping everything would go back to normal. The authentication requests stopped, but soon after I began noticing suspicious activity on some of my accounts. Someone had logged in, and it wasn't me. That was the moment I realized I had fallen into a trap.

This could be the testimony given by any of the victims of an attack specifically targeting Apple devices last March. This incident combined MFA bombing, which saturates the victim with authentication requests until the user accepts one either out of frustration or confusion, with an additional social engineering step. 

While Apple has made a strong commitment to the privacy and security of its users, these attacks show that even inherent security can benefit from an additional layer of protection to keep systems safe from sophisticated threats like this.

The keys to additional protection

One-time passwords (OTPs) have proved a key part of MFA to protect enterprises from unauthorized access. The Mac incident highlights the need to re-evaluate our reliance on OTPs and to continue advancing toward more robust MFA solutions that can withstand hackers’ increasingly sophisticated tactics.

With this in mind, managed service providers (MSPs) should consider implementing advanced MFA tools that continue to be threat resistant. Which leads to the question, what features should you look for? First, you need to provide MFA bombing protection. Second, it is important to offer flexible authentication methods to suit business and user needs and provide risk-based policy management to assess and enforce user access controls. You should also opt for zero trust solutions to ensure every user access request is verified across enterprise resources. This enables authentication requests to be assessed based on various factors such as the user's location, the device from which the request is made, or based on previous behavior. If something doesn’t look right, the request can be automatically rejected. And finally, you should offer broad coverage and easy integration with Mac devices. It is crucial to choose a cybersecurity solution that has broad coverage for the different versions of Apple products. You need tools that know how to leverage the inherent security of devices, and then add an additional layer of protection without interfering with the user experience. This is a key factor for companies looking to implement robust security solutions without affecting employee productivity. 

Benefits of including advanced MFA authentication solutions in your portfolio

By providing a solution that elevates security for Mac customers, MSPs can position themselves as strategic partners leading the fight against data breaches by mitigating credential-based incidents. According to Apple, 84% of the world's leading innovators, including companies such as Salesforce, SAP and Target, are Mac users, which underscores the need for more robust protection. MSPs can also enable secure hybrid work environments regardless of their locations and deliver greater productivity to customers with the single sign-on (SSO) application portal.

MFA bombing targeting Apple products flags the need to keep abreast of cybersecurity developments.  WatchGuard’s AuthPoint MFA is an ideal solution as it is specifically designed for MSPs who are looking to provide their customers with advanced protection. Apart from traditional multi-factor authentication, you'll protect employees and MacBook users from credential impersonation, as well as privilege escalation risks affecting macOS, VPN, and remote access and single sign-on to applications. 

Find out more about how to protect your customers with MFA in the following links: