Cisco Systems, the maker of some of the worlds most complex networking equipment recently suffered a hacking attack. Except, it wasn’t done via computer.
Vishing or voice phishing is a type of cyberattack where malicious actors use phone calls in attempt to collect confidential information from their targets.
Cisco believes the attack was conducted by hackers linked to the UNC2447 cybercrime gang, Lapsus$ threat actor group and Yanluowang ransomware operators.
These same actors also recently attacked Microsoft Azure, Samsung, T-Mobile, Okta, Nvidia, and Globant.
Luckily for Cisco, no ransomware was detected and Cisco successfully blocked attempts to access the company’s network.
How did this happen?
On May 24, 2022, Cisco was made aware that one of their employee’s credentials were compromised. An attacker gained control of the employee’s personal Google account where credentials saved in the victim’s browser were being synchronized.
The attacker conducted multiple sophisticated voice phishing attacks disguised as various trusted organizations. The attacker convinced the victim to accept the multifactor authentication (MFA) push notification initiated by the attacker. The MFA acceptance gave the attacker access to VPN in the context of the victim.
Regardless of the incident, Cisco continues to promote MFAs such as Duo to protect your accounts. Do you have 2FA turned on for all of your accounts? Are you training your employees on the best practices when it comes to online safety?
For more information on online safety including security awareness training, please contact us at info@optfinITy.com.