Skip to main content
Emerging ThreatsMalware & Ransomware

MFA Prompt Bombing Exposes Weakness in Two-Factor Security

Person sitting at desk, confused, looking at smartphone with multiple push notifications.

Around 2.8GB of data were exfiltrated after an attacker coerced a Cisco employee into approving a push-based MFA prompt — a stark reminder that the second factor can be the very thing attackers exploit.

The Cisco breach that crystallized the risk

The 2022 Cisco incident is the clearest public example of "prompt bombing" in action. An attacker tied to the Yanluowang ransomware group gained access to a Cisco employee’s personal Google account, which was syncing browser-stored credentials, including the employee’s Cisco VPN password. With that valid password in hand, the attacker began pushing MFA prompts to the employee’s phone. When repeated prompts failed, the adversary added vishing — phone calls posing as trusted support organizations, delivered in varying accents — and eventually convinced the employee to accept a push notification.

Once approved, the attacker obtained VPN access as that user, enrolled their own devices for MFA to maintain persistence, escalated privileges to administrative levels, reached Citrix servers and domain controllers, and exfiltrated roughly 2.8GB of data before being evicted. The episode shows prompt bombing can succeed even against a company described as “far from having a weak security posture.”

How MFA prompt bombing works

The technique requires three elements: valid account credentials (usually from breached password dumps), a login portal that uses push-based MFA (examples include VPN, Microsoft 365, Okta, or Duo), and a victim who is alerted each time an attacker triggers a login. Attackers repeatedly trigger the push notification, attempting to wear the user down or trick them into approving the request. Often prompt bombing is paired with vishing, where the caller pretends to be IT and social-engineers the target. If a prompt is approved, the attacker is logged in as that user. Security systems often remain silent because the login appears legitimate.

Why push-based MFA can fail

Push notifications give users very little context. A simple approve/deny prompt typically lacks information about where the request originated, what device is attempting the login, or whether the user initiated the action. Repeated prompts are easy to dismiss as a misfire, and when a vishing call frames the situation as routine support, the user’s behavior is a predictable response to a crafted scenario rather than careless action.

That combination — valid credentials, minimal prompt context, repeated notifications, and social-engineering calls — is exactly what prompt bombing exploits.

Three defenses organizations can put in place today

  • Choose fatigue- and phishing-resistant MFA factors. Push notifications are described as the weakest common form of MFA. More resistant options include FIDO2 security keys, hardware tokens such as YubiKey, or number-matching codes from authenticator apps. Specops Secure Access, for example, supports more than 15 identity providers and offers these fatigue-resistant options for Windows logon, RDP, and VPN connections so organizations can retire push-only MFA for high-risk access points.
  • Block compromised passwords at the source. Prompt bombing requires that attackers already possess valid passwords. Continuously scanning Active Directory (AD) against a live database of breached passwords — and forcing a reset when a match appears — removes the fuel for the attack. Default AD password policies won’t catch reused, incremental, or breached passwords. Specops Password Auditor is offered as a free, read-only scan of AD that flags vulnerabilities such as compromised passwords or inactive admin accounts.
  • Add real-time risk signals to authentication. Conditional access policies that consider geography, device posture, and login times can block or step up authentication before any push notification is sent to a user’s phone. Introducing these contextual controls reduces reliance on user judgment alone and gives security teams a chance to stop suspicious logins before they escalate into account compromise.

What this means for technologists, procurement leaders, and end users

Technologists and security teams will need to reassess where push notifications remain acceptable and where phishing-resistant factors should be mandated, particularly for VPNs, RDP, and administrative access. Procurement and architecture decision-makers should expect to evaluate solutions that support FIDO2, hardware tokens, number-matching, and integration with conditional access engines; products cited in the source include Specops Secure Access and Specops Password Auditor. End users should be trained to recognize that repeated approval prompts are itself a potential attack vector and that routine-looking support calls may be coordinated with push notifications to coerce approval.

MFA remains a critical control, but not all second factors are equal. Where push notifications are still the default, organizations should revisit that choice, strengthen the first factor by blocking compromised passwords, and add contextual risk signals so that a phone tap alone cannot hand an adversary full access. For teams considering vendor options and next steps, the source suggests vendors such as Specops as one pathway to reduce the specific risks described here.

Original story