Xage rolls out multi-layer, distributed solution to prevent MFA bombing across critical infrastructure sites

Zero trust security company Xage Security announced Thursday a distributed, multi-layer multi-factor authentication (MFA) offering designed for real-world operations spread across critical infrastructure sites. It will also prevent MFA bombing attacks, and help keep key services online. 

Xage’s multi-layer MFA combines zero trust access control with a defense-in-depth authentication strategy to prevent attacks that rely on human error and social engineering techniques, such as MFA bombing, and to protect critical operations that need multiple layers of authentication. The solution makes critical infrastructure essentially impenetrable to MFA bombing, delivering real-world zero trust using a defense-in-depth approach.

Users reconfirm their identity as they are granted each layer of access privilege, allowing independent user verification at the level of a whole operation, a site, or even a single asset. As a result, compromise of an individual authentication factor—such as would happen in an MFA bombing attack—does not allow the attacker to compromise the user’s whole identity and gain illegitimate access to assets, systems, or applications. Xage’s multi-layer MFA makes critical infrastructure essentially impenetrable to MFA bombing, delivering real-world zero trust using a defense-in-depth approach.

“Multi-layer MFA is hard to achieve in IT environments, and even harder in OT. Managing authentication for thousands of dispersed technologies of different vintages that don’t inherently support MFA becomes too complex,” Duncan Greatwood, Xage CEO, said in a media statement. “Xage now makes it easy for customers to utilize multi-layer MFA at each site, asset, zone, and subsystem, without the need to rip and replace existing systems. Combined with our zero trust identity and access management capabilities, operations can now manage access and interactions at each layer of the environment.”

“Critical infrastructure asset owners and operators are in the crosshairs of the evolving threat landscape, and TTPs are becoming more sophisticated, including MFA bombing,” Jonathon Gordon, directing analyst at Takepoint Research, said. “Xage’s multi-layer MFA solution requires users to pass an additional and unique MFA challenge at each layer. This distinctive approach can further secure critical operations against malicious actors using advanced MFA attacks and prevent major shutdowns that impact both production systems and the safety of communities they serve.”

Xage’s solution fingerprints each device and user across the entire network. User access is then precisely controlled, restricted only to specific devices or systems, time, or session length. Even if adversaries break through one layer or an individual site, they’re isolated and unable to further infiltrate the system, ensuring critical services remain operational. The increase in hacks, combined with new federal regulations, adds urgency to the adoption of Xage’s technology.

The Xage solution will enable critical infrastructure sites to bolster their cybersecurity position, as human error has been identified as the cause of 95 percent of security breaches. Hackers exploit this through MFA bombing, a technique that sends numerous secondary MFA requests until the user unintentionally grants permission. This can happen when MFA requires only one additional factor to log in, such as a one-time password sent to a secondary device.
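The burst of prompts described above leaves a recognizable trace in authentication logs. The following detection logic is an added example, not code from Xage or from the original article; the event schema, the threshold of five prompts and the ten-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of push-MFA results (hypothetical schema: time, user, result).
SAMPLE_EVENTS = [
    ("2022-06-01T02:10:00", "alice", "denied"),
    ("2022-06-01T02:10:40", "alice", "timeout"),
    ("2022-06-01T02:11:15", "alice", "denied"),
    ("2022-06-01T02:12:05", "alice", "timeout"),
    ("2022-06-01T02:12:50", "alice", "approved"),  # fifth prompt in under 3 minutes
    ("2022-06-01T08:00:00", "bob", "approved"),    # ordinary single-prompt login
    ("2022-06-01T12:30:00", "bob", "denied"),
    ("2022-06-01T17:45:00", "bob", "approved"),
]


def detect_mfa_bombing(events, threshold=5, window=timedelta(minutes=10)):
    """Flag users who receive `threshold` or more MFA prompts inside `window`.

    Returns {user: {"prompts": largest prompt count seen in one window,
                    "approved_in_burst": True if an approval landed in a burst}}.
    """
    recent = defaultdict(deque)  # user -> timestamps of prompts still in the window
    alerts = {}
    # ISO-8601 strings in one format sort chronologically.
    for ts, user, result in sorted(events):
        now = datetime.fromisoformat(ts)
        prompts = recent[user]
        prompts.append(now)
        # Drop prompts that have aged out of the sliding window.
        while now - prompts[0] > window:
            prompts.popleft()
        if len(prompts) >= threshold:
            alert = alerts.setdefault(
                user, {"prompts": 0, "approved_in_burst": False})
            alert["prompts"] = max(alert["prompts"], len(prompts))
            # An approval inside a burst is the outcome that warrants
            # immediate session revocation and credential reset.
            if result == "approved":
                alert["approved_in_burst"] = True
    return alerts


if __name__ == "__main__":
    for user, alert in detect_mfa_bombing(SAMPLE_EVENTS).items():
        print(user, alert)
```

An alert with `approved_in_burst` set is the higher-priority case, since it indicates the user may have granted access under prompt fatigue rather than merely been targeted.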

Xage cited the example of the digital extortion group Lapsus$ that recently breached the identity management platform Okta through a third-party provider using MFA bombing.

Last month, Xage raised an additional US$6 million in top-up funding, bringing total funding to $60 million, close on the heels of its January Series B funding round. The additional funds come at a time when the company’s customer base in the energy, defense, utilities, manufacturing, and logistics sectors has more than doubled in the past year. Furthermore, two-thirds of the customers are accelerating rollouts to address increased cyber risks and meet the Department of Homeland Security’s Transportation Security Administration (TSA) and other government mandates by the end of this year.

U.S. security agencies issued a joint cybersecurity advisory (CSA) in March warning organizations that Russian state-sponsored hackers had gained network access to a non-governmental organization (NGO). The adversaries gained access by exploiting default MFA protocols and a Windows Print Spooler ‘PrintNightmare’ vulnerability that allows arbitrary code to run with system privileges. Following the exploitation of the flaw in default MFA protocols, the adversaries moved laterally to the NGO’s cloud environment.
