A third-party provider that handles telephony for Cisco’s Duo multifactor authentication (MFA) service has been compromised by a social engineering cyberattack. Now Cisco Duo customers have been warned to be on alert for follow-on phishing schemes.
Customers were sent a notice explaining that the company handling SMS and VoIP multifactor authentication messaging traffic for Cisco Duo was breached on April 1. The threat actors reportedly used compromised employee credentials. Once inside the service provider’s systems, the unauthorized user downloaded SMS logs for specific users within a certain timeframe, the company said.
Cisco Duo did not identify the compromised telephony provider in its advisory.
“More specifically, the threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024,” Cisco said in its customer advisory. “The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.).”
Cisco advised impacted customers to notify anyone whose information was exposed, and to remain vigilant against additional phishing attacks using the stolen data.
This breach follows two specific trends, according to Jeff Margolies, chief product and strategy officer at Saviynt: social engineering cyberattack success, and a focus on identity security providers.
“There have been numerous public attacks on identity security providers, such as Okta and Microsoft, over the past few years,” Margolies says. “You can also go back as far as the RSA SecurID Token attack back in 2011 to see how far back these types of attacks go.”
In addition to the vital need for identity security providers to do more to secure their systems, Margolies adds that enterprise teams need to assess what a breach of these services could mean to their own cybersecurity posture.
“It is also vital for companies to understand the reliance they have on third-party identity security companies, how an attack on these companies would impact them, and what mitigating controls are in place to detect and respond to events with their identity security providers,” he explains.