DUO Prompt-Bombing Attack
Recently at ODU, we have seen attackers use phishing attacks to gain credentials, then attempt to login multiple times to have users inadvertently allow the DUO prompt for 2-factor authentication. This gives the attacker access to the account for a period.
Cyber criminals this technique to bypass multi-factor authentication (MFA), and it has been used in well-known compromises, such as the SolarWinds attack. Known as “prompt-bombing”, the technique involves inundating users with authentication requests via mobile phones.
An alternate approach is to send a few login requests that are spread out in hopes you won’t notice that your credentials are compromised, and thereby approve the DUO prompt without question.
No legitimate business would communicate to customers in a manner that comes close to “prompt-bombing.”
If you get a DUO prompt at a time when you are not actively authenticating to an ODU service, select “No” to the prompt, and change your MIDAS password promptly.
If you accidentally select “Yes” to a prompt that you did not initiate by attempting to login to an ODU service, report the incident immediately via ITSHelp@odu.edu , and change your MIDAS password promptly.
For more information on cybersecurity, please visit our awareness page at www.odu.edu/safecomputing. Thank you for your diligence in maintaining a secure ODU computing environment!
J. Douglas Streit, CISSP
Executive Director & CISO
IT Security & Planning
Information Technology Services
Old Dominion University
Posted By: John Streit
Date: Sun Apr 10 08:04:42 EDT 2022