Since the implementation of multifactor authentication (and the extra step beyond your username and password that requires you to "approve" the login request), attackers are now attempting to get users to bypass this security layer by MFA "bombing" also known as "prompt bombing". If an attacker gets access to your SU username and password, they could send DUO requests, or even multiple simultaneous DUO approval requests to your device in an attempt to get you to just "approve" the requests to stop the requests from coming.
...