Information Security Incident: MFA Bomb/MFA Fatigue

The Information Security Team recently thwarted a sophisticated cyberattack aimed at compromising the accounts of current employees. While the attempt was unsuccessful, the incident highlights the increasing threats that colleges face in today’s digital landscape.

The attack happened in two stages. First, the bad actors found a list of usernames and passwords on the Internet. They used Dartmouth credentials from the list, then succeeded in Multi-Factor Authentication (MFA) Bombing the employee. MFA Bombing, or MFA Fatigue, is when a cybercriminal repeatedly sends MFA requests to a victim, hoping they will approve one out of frustration or confusion. The user received multiple DUO prompts, which they eventually accepted.

Second, having access to a Dartmouth account, the cybercriminals sent a phishing email containing a link to a copy of the Dartmouth login page to over 100 internal Dartmouth users. Several of them clicked on the link and entered their credentials. This resulted in another round of MFA Bombing and more success for the cybercriminals.

The Information Security Team first encountered this type of attack in 2024, after which they reviewed the details and implemented additional security controls. When the alert came in, they jumped into action, locking accounts and blocking addresses to prevent the hackers from gaining more access. After this latest incident, the team will once again review the details and discuss additional security controls.
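
One way to detect the MFA Bombing pattern described above from authentication logs, as an added example rather than the Information Security Team's own tooling. The event format, usernames, time window and threshold are assumptions, and the sample events are constructed:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, result); hypothetical users,
# and not a real Duo log format.
SAMPLE_EVENTS = [
    ("2025-01-10T02:14:05", "asmith", "denied"),
    ("2025-01-10T02:14:40", "asmith", "timeout"),
    ("2025-01-10T02:15:10", "asmith", "denied"),
    ("2025-01-10T02:15:55", "asmith", "timeout"),
    ("2025-01-10T02:16:30", "asmith", "approved"),   # approval after a burst
    ("2025-01-10T09:01:00", "bjones", "timeout"),    # ordinary missed prompt
    ("2025-01-10T09:01:30", "bjones", "approved"),
    ("2025-01-10T13:00:00", "clee", "denied"),
    ("2025-01-10T13:00:20", "clee", "denied"),
    ("2025-01-10T13:00:45", "clee", "denied"),
    ("2025-01-10T13:01:05", "clee", "denied"),       # burst, never approved
]

def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=4):
    """Return {user: severity} for users with >= threshold unapproved prompts
    inside the window. 'bombing' means the burst was refused so far;
    'likely_compromise' means an approval landed on top of the burst."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved prompts
    findings = {}
    for ts, user, result in sorted(events):  # ISO timestamps sort as text
        when = datetime.fromisoformat(ts)
        q = recent[user]
        while q and when - q[0] > window:    # drop prompts outside the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(when)
            if len(q) >= threshold:
                findings.setdefault(user, "bombing")
        elif result == "approved":
            if len(q) >= threshold:          # the case to lock and investigate
                findings[user] = "likely_compromise"
            q.clear()                        # a new login attempt starts fresh
    return findings

if __name__ == "__main__":
    for user, severity in detect_mfa_fatigue(SAMPLE_EVENTS).items():
        print(f"{user}: {severity}")
```

A "likely_compromise" finding is the case where locking the account and resetting the password should happen first; a "bombing" finding still means the password is known to someone else.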

What should you do if this happens to you? Don’t approve any DUO requests that you did not initiate. If you get one you don’t expect, call the IT Helpdesk immediately at 603-646-2999; they will help you lock your account and change your password.