Xage security launches MFA bombing in critical infrastructure as a tech tool. Hackers are invading privacy but through Xage latest solution it will be a threat to hackers.

On 6th June Xage company released the announcement with MFA bombing, it is known to be first ever distributed (MFA) multi-layer multi-factor authentication designed, in a practical operation.

Critical infrastructure is under attack with its extent and complex environments filled with legacy technologies are prominently difficult to secure. Federal security directives and warnings from TSA and CISA require upgrading MFA in (OT) Operational Technology environments; Though, operators cannot depend on traditional IT-based MFA tactics or strategy to protect essential services.

Human mistakes cause security breaches of 95%. Bad actors derive benefit through MFA bombing, this technique sends several secondary MFA requests till the user unintentionally grants permission. This prior to occur, MFA needs only one additional to log-in entry, a one-time password delivered to a secondary device. Digital extortion group Lapsus presently breached/ identity management to platform of Okta by a third-party provider using MFA bombing.


MFA bombing creates safety for devices from hackers attacks.

MFA bombing critical operation requires multi-layer of authentication, to prevent/ attacks that depend on social engineers and human error. The remaining attacks which are not stopped by ordinary MFA? It’s approximately one billion attacks occurs each year, which mean one million attacks would be bypass MFA, most probably through MFA bombing. The hackers strive to trick users into approving an MFA initiated approval request for a few days to avoid the institution. Despite the circumstance through the method used, it will get the user to approve just this request to have access to their account.

According to (ICS) industrial control systems and real-world operations, critical infrastructure related which includes energy, defense, transportation, utilizes, manufacturing and related industries which can affect major system shutdowns, impact the operator bottom lines and affect the crucial services and safety for communities to operate. It is hard to secure and maximum technologies are not inherently equipped to assist MFA. Operators cannot depend on traditional MFA upgrades into the equipment to protect required services.

Xage CEO, Duncan Greatwood mentions, Multi-layer MFA is tough to achieve in IT environment and increasingly harder in OT. Tackling authentication for numerous dispersed technologies that do not inherently support MFA become complex. Xage makes it easier for their customers to utilize multi-layer MFA at individual site, subsystem and asset, zone which is without the requirement to rip and replace existing systems. Along with their zero-trust identity and access management capabilities, through the operation they can have access to manage and interact at each layer of environment.


Xage technology gives the device specific feature with figerprints access for protection.

Xage latest release on multi-layer MFA is designed notably for real-world operations and merge zero trust access control with a defense in-depth authentication strategy. MFA features the aforementioned Purdue model. Since users must affirm their identity to proceed with subsequent layers in the operation, it unlocks granular independent user verification which leads to individual operational site or singular OT asset. It concludes, compromise individual authentication factor with an MFA bombing attack, which does not permit hacker to futher invade to assets, systems or applications.

Xage company solution protects device with fingerprints and user across/over the entire ICS network which permits users with access to specific devices based on policy authorization. This remote session access will be scheduled, time-bound and one-time password, which makes the security safer.