Cisco recently disclosed a security incident resulting from sophisticated voice phishing, or vishing, attacks aimed at targeted employees. Researchers at Cisco Talos believe the attack was carried out by an initial access broker who intended to sell access to compromised accounts to other threat actors.
The attackers first gained access to Cisco’s networks after hacking an employee’s personal Google account. From there, they stole the employee’s Cisco passwords via Google Chrome’s password syncing feature. Then, they were able to use various social engineering tactics to expand their access. The attacker attempted to bypass MFA using various techniques, including vishing, which has become an increasingly common social engineering technique.
Cisco took immediate action to contain and eradicate the bad actors once the incident was identified. They did not identify any impact to their business as a result, including no impact to Cisco products, services, sensitive customer data, sensitive employee information, intellectual property, or supply chain operations. In addition to taking action, Cisco has also taken steps to remediate the impact by further hardening their IT environment. Since the discovery, there has not been any ransomware observed or deployed and Cisco has successfully blocked attempts to access their network.