MFA Prompt Bombing: Why Your Second Factor Isn’t Enough
#Security

Security Reporter

Push‑based MFA can be weaponized through “prompt bombing,” where attackers flood users with authentication requests until they approve one. The technique, illustrated by the 2022 Cisco breach, shows that a stolen password plus social engineering can defeat the second factor. Experts recommend moving to phishing‑resistant factors, continuously blocking compromised credentials, and adding contextual risk signals to stop attacks before a push reaches a user’s phone.


MFA prompt bombing has moved from a theoretical concern to a daily operational risk for any organization that relies on push notifications as its primary second factor. A recent deep‑dive by security researcher Dr. Anika Patel at the SANS Institute explains that the attack chain is simple, but the human‑factor element makes it surprisingly effective.


How the attack works

  1. Valid credentials – The attacker harvests a username and password from a breach, a credential‑stuffing service, or a compromised password manager sync.
  2. Push‑based MFA – The target environment (VPN, Microsoft 365, Okta, Duo, etc.) sends a push notification to the user’s registered device.
  3. Repeated prompting – The attacker repeatedly triggers the login, flooding the user’s phone with approval requests. After a few dozen prompts, fatigue sets in and the user taps Approve.
  4. Social engineering overlay – Often the bombardment is paired with a vishing call that pretends to be IT support, giving the user a plausible reason to approve the request.

Once the user approves, the attacker gains a fully authenticated session that looks legitimate to logging and SIEM tools. No additional alerts are generated because the authentication succeeded.
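The denied and timed‑out prompts that precede the eventual approval are the detectable trace of this sequence. The following scanner, an added example that is not part of the original article or any vendor's product, looks for that pattern in a constructed push log; the log format, field names and thresholds are assumptions.

```python
"""Spot prompt bombing in push-MFA logs. Added example, not code from the
article or any vendor: the signal is a burst of denied or timed-out pushes
to one user followed by an approval. Log format is constructed, not real."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, push result, source IP.
SAMPLE_LOG = """\
2022-05-24T09:01:02Z alice push_denied 203.0.113.7
2022-05-24T09:01:31Z alice push_timeout 203.0.113.7
2022-05-24T09:02:05Z alice push_denied 203.0.113.7
2022-05-24T09:02:40Z alice push_timeout 203.0.113.7
2022-05-24T09:03:12Z alice push_denied 203.0.113.7
2022-05-24T09:04:50Z alice push_approved 203.0.113.7
2022-05-24T09:05:00Z bob push_approved 198.51.100.4
2022-05-24T11:00:00Z bob push_denied 198.51.100.4
"""
REJECTED = {"push_denied", "push_timeout"}

def parse(log_text):
    """Return (timestamp, user, result, ip) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        ts, user, result, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result, ip))
    return sorted(events)

def find_prompt_bombing(events, window=timedelta(minutes=10), min_rejections=3):
    """One alert per user who rejected >= min_rejections pushes inside `window`.
    approved_after_burst is True when a push was then approved within another
    `window`: the 'successful' login a SIEM would otherwise treat as clean."""
    per_user = defaultdict(list)
    for ev in events:
        per_user[ev[1]].append(ev)
    alerts = []
    for user, evs in per_user.items():
        rejected = [e for e in evs if e[2] in REJECTED]
        for i, first in enumerate(rejected):          # sliding window over rejections
            burst = [e for e in rejected[i:] if e[0] - first[0] <= window]
            if len(burst) < min_rejections:
                continue
            last = burst[-1][0]
            approved = any(e[2] == "push_approved" and last < e[0] <= last + window
                           for e in evs)
            alerts.append({"user": user, "rejections": len(burst), "approved_after_burst": approved,
                           "source_ips": sorted({e[3] for e in burst})})
            break
    return alerts
```

Feeding this rule the denied/timed‑out events, not only the successful one, is what turns the "legitimate‑looking" session into an alert.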

Microsoft’s mitigation for the YellowKey BitLocker bypass (CVE‑2026‑45585) shows how quickly vendors can respond to a new exploit. Prompt bombing, however, exploits human behavior rather than a software flaw.

Real‑world example: the 2022 Cisco breach

In 2022, a threat actor linked to the Yanluowang ransomware gang compromised a Cisco employee’s personal Google account. The account was syncing saved passwords, including the employee’s VPN credentials. Using those credentials, the attacker launched a series of push requests to the employee’s phone. When the initial attempts failed, the attacker placed a convincing vishing call, claiming to be from internal IT. After a few minutes of pressure, the employee approved the request, granting the attacker VPN access.

From there, the attacker enrolled their own device for MFA, escalated privileges, accessed Citrix servers and domain controllers, and exfiltrated roughly 2.8 GB of data before being evicted.

“Even a security‑mature organization like Cisco can fall victim when the MFA factor provides no context,” says James Liu, Principal Engineer at Specops Security. “The push notification is essentially a binary ‘yes/no’ dialog – it doesn’t tell the user where the login originated, which device is involved, or whether the request was legitimate. That information gap is what attackers exploit.”


Why push‑based MFA alone isn’t sufficient

  • Lack of context – A push dialog rarely shows the source IP, device type, or geolocation. Users are left to guess.
  • Fatigue – Repeated prompts desensitize users, turning a security control into a nuisance.
  • Social engineering synergy – A well‑timed phone call can make the user feel obligated to approve the request.

These weaknesses do not mean MFA should be abandoned; rather, they highlight the need for phishing‑resistant factors and risk‑based controls.


Three practical steps to stop prompt bombing

1. Deploy fatigue‑resistant, phishing‑resistant factors

Push notifications are the weakest common MFA method. Replacing them with FIDO2 security keys, hardware tokens (e.g., YubiKey), or number‑matching codes from authenticator apps adds a verification step that cannot be satisfied by a reflexive tap.

“Number‑matching forces the user to compare a code displayed on the login screen with the one on their device, dramatically reducing accidental approvals,” notes Maria Gonzales, Identity Security Lead at Okta.

Specops Secure Access integrates with more than 15 identity providers and supports these stronger factors for Windows logon, RDP, and VPN connections. You can retire push‑only MFA on high‑risk assets with a single policy change.

2. Block compromised passwords at the source

Prompt bombing only works when the attacker already has a valid password. Continuous credential‑risk monitoring against live breach databases (e.g., HaveIBeenPwned, SpyCloud) can detect reused or leaked passwords in real time. When a match is found, enforce an immediate password reset.

Specops Password Auditor offers a free, read‑only scan of Active Directory that flags compromised credentials, inactive admin accounts, and other exposure points.

3. Enrich login attempts with contextual risk signals

Conditional Access policies that evaluate geography, device posture, network reputation, and time of day can block or step‑up authentication before a push reaches the user’s phone. For example, a login attempt from a foreign IP address on a non‑managed device can trigger a mandatory hardware‑token challenge.

Microsoft’s Azure AD Conditional Access and Okta Adaptive MFA both provide these capabilities out of the box. Configuring them reduces reliance on user judgment and shifts the decision to an automated risk engine.
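Steps 1 and 3 together describe one login flow: evaluate context before any push is sent, then use a factor that cannot be approved blindly. The following is an added illustration, not code from the article, Okta, Microsoft or Specops; the risk rules, context field names and the two‑digit match are simplified assumptions.

```python
"""Risk-gated number-matching login flow. Added example, not code from the
article, Okta, Microsoft or Specops; the risk rules and the two-digit match
are simplified models of the controls the article recommends."""
import secrets
import time

def choose_factor(ctx):
    """Pick the second factor before any push is sent (ordered rules:
    block first, then step-up, then the default push with number matching)."""
    if ctx["ip_reputation"] == "malicious":
        return "block", "source IP flagged as malicious"
    if ctx["country"] != ctx["home_country"] and not ctx["managed_device"]:
        return "hardware_key", "foreign IP on a non-managed device"
    if not 6 <= ctx["hour"] < 22:                   # assumed working hours
        return "hardware_key", "login outside working hours"
    return "number_match_push", "low risk"

class NumberMatchServer:
    """The login screen shows a two-digit number; the device must send it back.
    A reflexive 'Approve' with no number, or a guess, is rejected."""
    def __init__(self, ttl_seconds=60, clock=time.time):
        self.ttl, self.clock, self.pending = ttl_seconds, clock, {}

    def start_login(self, user):
        challenge_id = secrets.token_hex(8)
        number = secrets.randbelow(100)             # shown only on the requester's screen
        self.pending[challenge_id] = (user, number, self.clock() + self.ttl)
        return challenge_id, number                 # the push carries only challenge_id

    def approve(self, challenge_id, user, entered):
        entry = self.pending.pop(challenge_id, None)   # single use, even on mismatch
        if entry is None:
            return False, "unknown or already used challenge"
        owner, number, expires_at = entry
        if user != owner:
            return False, "challenge belongs to another user"
        if self.clock() > expires_at:
            return False, "challenge expired"
        if entered is None:
            return False, "approved without entering a number"   # blind tap
        if int(entered) != number:
            return False, "number mismatch"         # log these: repeats look like bombing
        return True, "approved"
```

Note that the match only defeats a blind tap; a caller who reads the number to the user over the phone is the vishing overlay the article describes, which is why the risk gate runs first.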


MFA still matters – but it must evolve

Prompt bombing is a reminder that MFA is a control, not a silver bullet. When the second factor can be approved with a single tap, attackers can bypass it through sheer persistence and social engineering. By moving to phishing‑resistant factors, actively blocking compromised passwords, and adding risk‑based context, organizations can restore the protective intent of MFA.

If you’re still using push‑only MFA for critical workloads, now is the time to reassess. Upgrading to number‑matching or hardware‑based tokens, combined with continuous password hygiene, will make the “approve” button far less attractive to attackers.


Further reading

The New Phishing Click: How OAuth Consent Bypasses MFA – OAuth consent screens that bypass MFA illustrate how attackers constantly look for the weakest user‑facing interaction.


Author: Jane Mitchell, Senior Security Analyst, Specops Security
