Cybersecurity - DUO Push Attacks
ODU is seeing attackers use phishing attacks to gain credentials, then attempt to login multiple times to have users inadvertently allow the DUO push prompt for 2-factor authentication. Once a user accepts the DUO prompt, the attacker then has access to the account for a period. Cyber criminals use this technique to bypass multi-factor authentication (MFA). Universities are reporting this attack being successfully used.
Some attackers have sent a bogus login page with a field to enter a DUO passcode.
Do not do it!
How you can overcome push phishing:
Be mindful when approving DUO Push notifications. Some things to consider when you get a push on your phone:
• Is there anything unusual about the application that is displayed in the DUO prompt?
• Did you just attempt to access an application, or not?
• Where is the push request coming from? Check the location details provided with the push in the Duo Mobile app.
Know what to do if you suspect you’ve received a fraudulent push. Learn how to mark a Duo Push as fraudulent in this Knowledge Base article.
If you get a DUO prompt at a time when you are not actively authenticating to an ODU service, select “No” to the prompt, and change your MIDAS password promptly.
If you accidentally select “Yes” to a prompt that you did not initiate by attempting to login to an ODU service, report the incident immediately via ITSHelp@odu.edu , and change your MIDAS password promptly.
For more information on cybersecurity, please visit our awareness page at www.odu.edu/safecomputing. Thank you for your diligence in maintaining a secure ODU computing environment!
J. Douglas Streit, CISSP
Executive Director & CISO
IT Security & Planning
Information Technology Services
Old Dominion University
http://www.odu.edu/directory/people/j/jstreit
Posted By: John Streit
Date: Sun Nov 06 06:34:01 EST 2022