TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Huntress

MFA for Business: Benefits, Methods & Why It Still Matters

2025-11-07 · Read original ↗

ATT&CK techniques detected

17 predictions
T1621Multi-Factor Authentication Request Generation
92%
"number as the second form of authentication for various accounts. social engineering is another method used by threat actors like scattered spider or lapsus $. they either pretend to be help desk personnel and convince targets to share their one - time password or target help des…"
T1556.006Multi-Factor Authentication
91%
"video below explains how evilginx helps threat actors deceive their targets. get your business mfa in order with mfa, there ’ s no one - size - fits - all solution. there are several types of mfa, each with varying levels of security, costs, and ease of implementation, making it …"
T1556.006Multi-Factor Authentication
88%
"portal account that didn ’ t have mfa enabled mfa makes threat actors ’ lives harder, but it ’ s not foolproof mfa is also a great example of the cat - and - mouse pattern between defenders and adversaries that we frequently see. when businesses implement a new security protectio…"
T1556.006Multi-Factor Authentication
85%
"mfa for business : benefits, methods & why it still matters when it comes to cybersecurity, there will never be a silver bullet, but multi - factor authentication ( mfa ) might be one of the closest contenders for that title. mfa is a vital security layer in protecting businesses…"
T1556.006Multi-Factor Authentication
81%
"essential. a lack of mfa makes threat actors ’ lives easy threat actors use credential stuffing, brute force attacks, and other methods to take advantage of people who have reused passwords or easy - to - guess passwords. in fact, in the huntress 2025 managed identity threat dete…"
T1556.006Multi-Factor Authentication
81%
"or require mfa : - payment card industry data security standard ( pci dss ) : mfa for certain roles and access levels, especially admin access to cardholder data environments - systems and organization controls 2 ( soc 2 ) : mfa helps secure customer dataand prevents unauthorized…"
T1556.006Multi-Factor Authentication
79%
"is how users confirm their identity beyond just a username and password ( single - factor ) for access to systems, applications, and devices. there are three categories of authentication factors : - something you know : passwords or pins - something you have : a one - time passco…"
T1556.006Multi-Factor Authentication
78%
"mfa can block up to 99. 2 % of account compromise attacks. relying on single - factor authentication for access isn ’ t enough anymore because passwords can be guessed, stolen, and bought. don ’ t make things easy for attackers : build multiple perimeter barriers that make unauth…"
T1556.006Multi-Factor Authentication
77%
"an mfa in place is already a big leap toward better security. closing thoughts mfa isn ’ t just a nice - to - have anymore — it ’ s a must for keeping your business safe from cyber threats. taking the time to set up and deploy mfa the right way means you ’ re not only protecting …"
T1556.006Multi-Factor Authentication
74%
"to hijack or steal session tokens, the unique identifiers that temporarily track user sessions after they log in. with these stolen tokens, threat actors can bypass certain types of mfa entirely. in fact, we found that incidents where threat actors tried to steal tokens made up a…"
T1111Multi-Factor Authentication Interception
71%
"to hijack or steal session tokens, the unique identifiers that temporarily track user sessions after they log in. with these stolen tokens, threat actors can bypass certain types of mfa entirely. in fact, we found that incidents where threat actors tried to steal tokens made up a…"
T1556.006Multi-Factor Authentication
71%
"and usability there ’ s a common debate about mfa implementation : how do you balance top - notch security with a frictionless user experience? if security processes are too cumbersome, employees may bypass them, request to temporarily turn them off, or resist adoption altogether…"
T1556.006Multi-Factor Authentication
68%
"number as the second form of authentication for various accounts. social engineering is another method used by threat actors like scattered spider or lapsus $. they either pretend to be help desk personnel and convince targets to share their one - time password or target help des…"
T1556.006Multi-Factor Authentication
60%
"and a stronger focus on security, hardware tokens are a great option. these are physical devices ( like a yubikey ) that employees use to verify their identity. they ’ re incredibly secure and make attacks harder for threat actors, but they might not be the easiest to distribute …"
T1556.006Multi-Factor Authentication
46%
"##p with brute force attacks as a way to get initial access, as seen in the may incident outlined in figure 3. figure 3 : a huntress investigative summary of an incident involving an rdp brute force attack one of the top preventive measures for these incidents is making sure that…"
T1621Multi-Factor Authentication Request Generation
36%
"portal account that didn ’ t have mfa enabled mfa makes threat actors ’ lives harder, but it ’ s not foolproof mfa is also a great example of the cat - and - mouse pattern between defenders and adversaries that we frequently see. when businesses implement a new security protectio…"
T1621Multi-Factor Authentication Request Generation
31%
"essential. a lack of mfa makes threat actors ’ lives easy threat actors use credential stuffing, brute force attacks, and other methods to take advantage of people who have reused passwords or easy - to - guess passwords. in fact, in the huntress 2025 managed identity threat dete…"

Summary

MFA for business isn’t a silver bullet. But it’s close! Learn the benefits, MFA methods, and how to make it work without the usual headaches.