Cisco said that one of its representatives fell victim to a voice phishing attack that allowed threat actors to download profile information belonging to users of a third-party customer relationship management system.
“Our investigation has determined that the exported data primarily consisted of basic account profile information of individuals who registered for a user account on Cisco.com,” the company disclosed. Information included names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account-related metadata such as creation date.
Et tu, Cisco?
Cisco said that the breach didn’t expose customers’ confidential or proprietary information, password data, or other sensitive information. The company went on to say that investigators found no evidence that other CRM instances were compromised or that any of its products or services were affected.
Phishing attacks, particularly those relying on voice calls, have emerged as a key method for ransomware groups and other sorts of threat actors to breach defenses of some of the world’s most fortified organizations. In some cases, the threat actors behind these attacks used multiple forms of communication, including email, voice calls, push notifications, and text messages. They often devote considerable research to the attacks to make them consistent with legitimate authentication methods used internally by the target. Some of the companies successfully compromised in such attacks include Microsoft, Okta, Nvidia, Globant, Twilio, and Twitter.
One of the best defenses against these sorts of attacks is the use of multi-factor authentication that’s compliant with FIDO, the industry standard developed by a consortium of organizations around the world. The cryptographic keys securing FIDO are bound to the domain name of the service being logged into. That prevents attacks relying on spoofed or lookalike phishing sites from working. The MFA credential must also be in physical proximity to the device that’s logging in. When a target being phished is in one location and the attacker is somewhere else, the attack will fail.
Of course, FIDO MFA is so new that few, if any, organizations are using it without also providing fallback forms of authentication for use in the event users are locked out of accounts. Organizations should devise safeguards to guard against this limitation. The US Cybersecurity and Infrastructure Security Agency provides guidance for resisting phishing attacks here.