- What: Attackers use push-notification flooding ("prompt bombing") plus vishing calls impersonating IT support to trick users into approving fraudulent MFA requests; there is no need to crack the second factor.
- Impact: The 2022 Cisco breach (Yanluowang group) is the canonical example: one approved prompt led to VPN access, domain-controller compromise, and roughly 2.8 GB of data exfiltrated (the figure the attackers themselves claimed) before eviction.
- Fix / mitigation: Replace push MFA with phishing-resistant factors (FIDO2/WebAuthn security keys such as YubiKey) or, at minimum, enable number matching in push apps; continuously scan Active Directory against breached-password databases; and enforce risk-based conditional access to block anomalous login attempts before they reach users.
- Who's at risk: Any organization relying on push-based MFA (Okta, Duo, Microsoft 365) for VPN, RDP, or SaaS access, especially where credentials may appear in breach databases.
Multi-factor authentication was supposed to end credential-based breaches. The premise was simple: even with stolen passwords, attackers couldn't access accounts without the second factor. That logic held until attackers realized they didn't need to steal the second factor—they just needed users to hand it over voluntarily.
MFA prompt bombing is now a live threat to any organization using push-based authentication. The attack exploits the weakest link in push MFA: users receive approval requests with minimal context about the login attempt's legitimacy. When bombarded with repeated prompts, users either assume a system error or, when paired with a well-timed vishing call from someone posing as IT support, simply approve the request to make it stop.
Attack Mechanics: Three Simple Requirements
MFA prompt bombing requires minimal sophistication. Attackers need three elements: valid account credentials from breached password databases, a login portal using push-based MFA (VPN, Microsoft 365, Okta, Duo), and a victim who receives alerts for each login attempt.
The attacker repeatedly triggers authentication prompts, flooding the user's device with approval requests. The bombardment creates confusion and fatigue. Advanced attackers pair this with vishing—phone calls impersonating IT support using various accents and convincing scripts. The social engineering component transforms what looks like a technical glitch into a seemingly legitimate support interaction requiring user action.
This attack only needs to work once. A single approved prompt grants full access, and the resulting login rarely trips an alert: it is a valid password plus a user-approved second factor, indistinguishable from any other successful sign-in. What is abnormal is the burst of denied or timed-out pushes that precedes it, and few organizations alert on that.
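The precursor burst is where detection lives. The following is an added example, not code from the original page or from any vendor it names: a small detector that replays constructed push-MFA log lines (a simplified, assumed schema, not real Duo or Okta output) and raises a medium alert when a user accumulates several denied or timed-out pushes inside a short window, and a high alert when a push is approved while that flood is still in the window. The window size and threshold are assumptions to tune per environment.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real Duo/Okta/Entra output). The schema is a
# simplified assumption: one JSON object per line with ts, user, factor, result, ip.
SAMPLE_LOG = """\
{"ts":"2024-05-01T02:09:50Z","user":"jdoe","factor":"password","result":"success","ip":"203.0.113.45"}
{"ts":"2024-05-01T02:10:01Z","user":"jdoe","factor":"push","result":"denied","ip":"203.0.113.45"}
{"ts":"2024-05-01T02:10:40Z","user":"jdoe","factor":"push","result":"timeout","ip":"203.0.113.45"}
{"ts":"2024-05-01T02:11:20Z","user":"jdoe","factor":"push","result":"denied","ip":"203.0.113.45"}
{"ts":"2024-05-01T02:12:05Z","user":"jdoe","factor":"push","result":"timeout","ip":"203.0.113.45"}
{"ts":"2024-05-01T02:13:30Z","user":"jdoe","factor":"push","result":"denied","ip":"203.0.113.45"}
{"ts":"2024-05-01T02:15:02Z","user":"jdoe","factor":"push","result":"success","ip":"203.0.113.45"}
{"ts":"2024-05-01T07:00:00Z","user":"bob","factor":"push","result":"timeout","ip":"198.51.100.20"}
{"ts":"2024-05-01T09:00:10Z","user":"asmith","factor":"push","result":"denied","ip":"198.51.100.7"}
{"ts":"2024-05-01T09:00:45Z","user":"asmith","factor":"push","result":"success","ip":"198.51.100.7"}
{"ts":"2024-05-01T10:30:00Z","user":"bob","factor":"push","result":"timeout","ip":"198.51.100.20"}
"""

WINDOW = timedelta(minutes=10)   # look-back window per user (assumed tuning value)
FLOOD_THRESHOLD = 4              # denied/timed-out pushes in WINDOW that count as a flood
FAILED = {"denied", "timeout"}


def parse_events(text):
    """Parse newline-delimited JSON into dicts with aware UTC datetimes, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_prompt_bombing(events, window=WINDOW, threshold=FLOOD_THRESHOLD):
    """Return alerts for users whose push history inside the window looks like bombing.

    medium: threshold or more denied/timed-out pushes inside the window (the flood itself)
    high:   a push approved while such a flood is still inside the window (the one that worked)
    """
    alerts = []
    history = defaultdict(deque)   # user -> deque of (ts, result, ip) for push events only
    flood_alerted = set()          # users already alerted for the flood currently in window

    for e in events:
        if e.get("factor") != "push":
            continue
        q = history[e["user"]]
        q.append((e["ts"], e["result"], e["ip"]))
        while q and e["ts"] - q[0][0] > window:       # drop events older than the window
            q.popleft()
        failures = [x for x in q if x[1] in FAILED]
        if len(failures) < threshold:
            if not failures:                          # quiet period: re-arm the flood alert
                flood_alerted.discard(e["user"])
            continue
        if e["user"] not in flood_alerted:
            alerts.append({"severity": "medium", "user": e["user"], "ts": e["ts"],
                           "failures": len(failures),
                           "source_ips": sorted({x[2] for x in failures})})
            flood_alerted.add(e["user"])
        if e["result"] == "success":
            alerts.append({"severity": "high", "user": e["user"], "ts": e["ts"],
                           "failures": len(failures), "ip": e["ip"],
                           "note": "push approved after flood; treat account as compromised "
                                   "and review new MFA device enrolments"})
    return alerts


if __name__ == "__main__":
    for alert in detect_prompt_bombing(parse_events(SAMPLE_LOG)):
        print(alert)
```

On the sample, jdoe produces one medium alert at the fourth failed push and one high alert at the approval five minutes later; asmith's single mistaken denial followed by an approval, and bob's timeouts hours apart, produce nothing. The high alert is the one to page on: it is exactly the Cisco sequence, and the follow-up action the note names (check for newly enrolled MFA devices) is what the attacker did next in that case.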
The Cisco Breach: A Case Study in MFA Failure
The 2022 Cisco breach demonstrates how effective prompt bombing is against even security-mature organizations. An attacker associated with the Yanluowang ransomware group compromised a Cisco employee's personal Google account that was syncing browser-stored credentials, including the employee's corporate VPN password.
Initial MFA prompt bombing attempts failed, so attackers escalated to vishing calls posing as trusted support organizations. Eventually, they convinced the employee to approve a push notification. Once inside, the attacker enrolled additional devices for MFA to maintain persistence, escalated privileges to administrative level, accessed Citrix servers and domain controllers, and exfiltrated approximately 2.8GB of data before detection and eviction.
Cisco is not an organization with weak security. The breach demonstrates that prompt bombing works regardless of security maturity when the MFA mechanism itself gives users too little context to make a sound decision.
Why Push-Based MFA Falls Short
Push-based MFA asks users to make security decisions with insufficient information. Approval prompts provide minimal context about the login attempt—no clear indication of originating location, device details, or whether the user actually initiated the request.
When prompts arrive repeatedly, users interpret the situation as a system malfunction rather than an active attack. Combined with a phone call from someone claiming to be IT support who can recite the user's name, department, and other semi-public information, the scenario feels routine rather than threatening. The user isn't acting carelessly—they're responding rationally to a situation engineered to appear legitimate using credentials the attacker already possesses.
Three Prevention Strategies
1. Deploy Phishing-Resistant MFA Factors
Push notifications represent the weakest commonly deployed MFA method. Phishing-resistant alternatives are FIDO2/WebAuthn authenticators (hardware security keys such as YubiKey, or platform passkeys) and certificate-based methods such as smart cards: these bind the authentication to the site's origin and require physical possession or a cryptographic proof rather than a tap on a prompt. Number matching in authenticator apps is a weaker but worthwhile step. It stops a user from approving a prompt they did not initiate, because the code to enter is only shown on the login the user is actually performing, but it is not phishing-resistant: an adversary-in-the-middle proxy that relays the real login page relays the number too.
Solutions like Specops Secure Access support more than 15 identity providers and include fatigue-resistant options for Windows logon, RDP, and VPN connections. Organizations should prioritize retiring push-only MFA for high-risk access points where compromise would grant broad network access.
2. Block Compromised Passwords Continuously
Prompt bombing only works when attackers possess valid credentials. Scanning Active Directory continuously against live databases of breached passwords removes the attack's foundation. When matches appear, forcing immediate password resets eliminates the attacker's ability to initiate login attempts.
Default Active Directory password policies won't catch reused passwords, incremental variations, or credentials appearing in breach databases. Tools like Specops Password Auditor provide free, read-only AD scans that identify vulnerabilities including compromised passwords and inactive administrative accounts.
If attackers never gain valid credentials, they can't trigger MFA prompts in the first place. Proactive credential hygiene is the most effective defense against prompt bombing attacks.
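What a breached-password check actually does, as an added example that is not code from the page or from Specops: the scanner hashes each candidate password, sends only the first five hex characters of the SHA-1 to a range index (the k-anonymity scheme the Pwned Passwords API uses, so the full hash never leaves the scanner), and compares suffixes locally. It also tests the cosmetic variants the text mentions (case, trailing digits and symbols, leetspeak) against the same index, which default AD policy never does. The breach corpus here is constructed stand-in data, and the variant rules are a small assumed table; a real AD scan would compare NT hashes against a live feed rather than SHA-1 against four entries.

```python
import hashlib
import re

# Constructed stand-in for a breached-password corpus (password -> times seen in breaches).
# Not real breach data; a production scan uses a continuously updated feed of billions of entries.
BREACHED_PASSWORDS = {
    "password1": 2_400_000,
    "letmein": 1_200_000,
    "welcome1": 950_000,
    "summer2023": 18_000,
}

# Un-leet substitutions used to catch cosmetic variants (assumption: a small common table)
LEET = str.maketrans("@$0!3", "asoie")


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Partition the corpus by the first 5 hex chars of SHA-1, as the Pwned Passwords range API does."""
    index = {}
    for pw, count in corpus.items():
        h = sha1_hex(pw)
        index.setdefault(h[:5], {})[h[5:]] = count
    return index


def range_lookup(index, prefix):
    """Stand-in for GET /range/{prefix}: the caller sends only a 5-char prefix and receives
    every suffix in that bucket, so the full hash of the password never leaves the scanner."""
    return [f"{suffix}:{count}" for suffix, count in index.get(prefix, {}).items()]


def breach_count(index, password):
    """Breach appearances of the exact (case-sensitive) password, 0 if unseen."""
    h = sha1_hex(password)
    for line in range_lookup(index, h[:5]):
        suffix, count = line.split(":")
        if suffix == h[5:]:
            return int(count)
    return 0


def candidate_forms(password):
    """Ordered variants to test: lowercase, trailing symbols stripped, trailing digits and
    symbols stripped, and the un-leeted version of each. Catches 'Summer2023!' and 'P@$$w0rd1'."""
    base = password.lower()
    forms = []
    for seed in (base, base.translate(LEET)):
        for f in (seed, re.sub(r"[^a-z0-9]+$", "", seed), re.sub(r"[^a-z]+$", "", seed)):
            if f and f not in forms:
                forms.append(f)
    return forms


def check_password(index, password):
    """Return (verdict, matched_form, count): 'breached', 'variant_of_breached' or 'clean'."""
    exact = breach_count(index, password)
    if exact:
        return ("breached", password, exact)
    for form in candidate_forms(password):
        if form == password:
            continue
        count = breach_count(index, form)
        if count:
            return ("variant_of_breached", form, count)
    return ("clean", None, 0)


if __name__ == "__main__":
    idx = build_range_index(BREACHED_PASSWORDS)
    for pw in ("letmein", "Summer2023!", "P@$$w0rd1", "Welcome1", "Tr0ub4dor&3"):
        print(pw, "->", check_password(idx, pw))
```

A match on a variant is the interesting outcome for AD hygiene: "Summer2023!" satisfies every default complexity rule, yet its trimmed form is in the corpus, so an attacker running a breach-list spray with common mutations will land on it and then start sending pushes. Forcing a reset on variant hits, not only exact hits, is what removes the credentials that prompt bombing depends on.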
3. Implement Risk-Based Conditional Access
Conditional access policies that weigh geography, device posture, and login timing can block suspicious attempts outright, or require step-up authentication with a phishing-resistant factor (not simply another push), before any prompt reaches the user. This approach reduces reliance on user judgment by adding real-time contextual analysis to the authentication process.
Risk signals can identify anomalies—login attempts from new countries, unmanaged devices, or outside normal business hours—and either block access outright or require additional verification. This prevents suspicious logins from escalating to successful account compromise before users face decision pressure.
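The policy evaluation described above, as an added example rather than any identity provider's actual engine: each login is scored on the signals the text lists (new country, unmanaged device, off-hours, and an impossible-travel check against the previous successful login), and the decision is taken before a push is sent. The weights, thresholds, business hours and the 900 km/h travel ceiling are assumptions to tune; the baseline and the three login scenarios are constructed sample data.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class LoginContext:
    user: str
    ts: datetime            # UTC
    country: str
    lat: float
    lon: float
    device_managed: bool    # device passes posture/compliance checks


@dataclass
class UserBaseline:
    usual_countries: set
    business_hours: tuple = (7, 19)      # UTC hours, half-open [start, end); assumed
    last_login: tuple = None             # (ts, lat, lon) of the previous successful login


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def evaluate(ctx, baseline, max_speed_kmh=900.0):
    """Score a login attempt and decide allow / step_up / block before any MFA prompt is sent.
    Weights and thresholds are illustrative assumptions, not a vendor's defaults."""
    score, reasons = 0, []
    if ctx.country not in baseline.usual_countries:
        score += 40
        reasons.append("new_country")
    if not ctx.device_managed:
        score += 30
        reasons.append("unmanaged_device")
    start, end = baseline.business_hours
    if not (start <= ctx.ts.hour < end):
        score += 15
        reasons.append("off_hours")
    if baseline.last_login:
        prev_ts, plat, plon = baseline.last_login
        hours = (ctx.ts - prev_ts).total_seconds() / 3600
        km = haversine_km(plat, plon, ctx.lat, ctx.lon)
        if hours > 0 and km / hours > max_speed_kmh:
            score += 50
            reasons.append(f"impossible_travel:{km:.0f}km_in_{hours:.1f}h")
    if score >= 70:
        decision = "block"        # never reaches the user; no push is ever sent
    elif score >= 30:
        decision = "step_up"      # require a phishing-resistant factor, not another push
    else:
        decision = "allow"        # normal password + second-factor flow proceeds
    return {"decision": decision, "score": score, "reasons": reasons}


# Constructed scenarios: a user whose last successful login was from New York at midnight UTC.
_UTC = timezone.utc
BASELINE = UserBaseline(usual_countries={"US"},
                        last_login=(datetime(2024, 5, 1, 0, 0, tzinfo=_UTC), 40.7128, -74.0060))
SCENARIOS = {
    # same user, managed laptop, New York, mid-afternoon UTC
    "normal": LoginContext("jdoe", datetime(2024, 5, 1, 14, 0, tzinfo=_UTC), "US", 40.7306, -73.9866, True),
    # same place and hours, but from a personal device
    "step_up": LoginContext("jdoe", datetime(2024, 5, 1, 15, 0, tzinfo=_UTC), "US", 40.7306, -73.9866, False),
    # one hour after the New York login, from Amsterdam, unmanaged, 01:00 UTC
    "attacker": LoginContext("jdoe", datetime(2024, 5, 1, 1, 0, tzinfo=_UTC), "NL", 52.3676, 4.9041, False),
}


def run_demo():
    return {name: evaluate(ctx, BASELINE) for name, ctx in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:9s} -> {result}")
```

The attacker scenario is the prompt-bombing precondition from the Cisco case: valid credentials used from somewhere the user is not. It scores on every signal and is blocked, so the employee's phone never buzzes and there is nothing for a vishing caller to talk them into approving. The step-up case shows why the escalation factor matters: if step-up just meant "send another push", the policy would have re-created the attack surface it was meant to remove.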
MFA Remains Essential Despite Limitations
MFA prompt bombing doesn't invalidate multi-factor authentication as a security control. It exposes weaknesses in specific implementation methods—particularly push notifications that can be triggered repeatedly without meaningful context.
Organizations should audit their current MFA deployments with specific attention to push-based methods protecting critical access points. Number-matching implementations and phishing-resistant factors strengthen the MFA mechanism itself. Simultaneously, scanning for compromised passwords limits attacker ability to reach the authentication stage where prompt bombing becomes possible.
The combination of stronger MFA factors, proactive credential monitoring, and risk-based conditional access creates defense in depth that addresses both the initial compromise vector and the social engineering exploitation phase. Organizations continuing to rely exclusively on push-based MFA for high-value access should treat this as a priority security gap requiring immediate remediation.