Cyber attackers are using a new technique called “push harassment." After obtaining someone's password, attackers send a verification (or “multifactor authentication”) request to gain access to the user’s accounts. If the first request is ignored, the attacker sends multiple requests in order to bother/annoy the user into accepting the authentication request. Often, when a user receives many requests to authenticate their identity, they assume that a system is trying to reconnect and accept the request, allowing the attacker into their account.
In our ongoing efforts to combat malicious access to university accounts, the IT Security Office has adopted new Verified Duo Push standards. This new set of preventative controls helps block attacks on university systems. Most users will not see an impact to the way you login to university systems. You will continue to enter your Network Username and password at a university site/portal. You will be asked to verify your identity through the Duo app, a text message, or a phone call.
If suspicious activity is suspected on your account, you will be asked to verify your identity by entering a code, into the Duo app. The code will be displayed on the device you are using to login. The process is illustrated in the screenshot below. You will not be able to enter the code via text message or phone call; it must be entered into the app. This extra step helps prevent malicious activity because attackers will not have access to the user’s login device and app simultaneously.
Students, faculty, and staff who bypass geolocation controls on their computers will most likely be asked to use Verified Duo Push standards.
Over the past few weeks, the university experienced seven compromised accounts due to push harassment. These hacks resulted in 60K malicious emails sent to internal users. The introduction of Verified Duo Push standards will assist in stopping future attacks.
if you do not have the app installed on a device you frequently use, please download it immediately. To download the free Duo app, visit the App Store associated with your device. Information on using the Duo app can be found in the IT Knowledge Base. If you need additional assistance, please contact the IT Service Desk at 803-777-1800 or submit a ticket.