Cisco reveals cyberattack on its corporate network


Networking giant Cisco was the victim of a cyberattack in May 2022. In a notice posted on Wednesday, the company announced that it discovered a security incident targeting its corporate IT infrastructure on May 24. Though some files were taken and later published, Cisco said that no ransomware was deployed, that it blocked the attacker's repeated attempts to regain access after the initial breach was contained, and that it has shored up its defenses to prevent further such incidents.

“Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations,” the company said in its notice. “We have also implemented additional measures to enhance the security of our systems and are sharing technical details to help protect the wider security community.”

What happened during the attack?

Image: An email sent from the attackers to Cisco (Cisco Talos).

A supplemental notice published by Cisco Talos, the company's threat intelligence arm, revealed greater details about the attack. Its investigation found that an employee's Cisco credentials were compromised after the attacker took control of the employee's personal Google account: the credentials had been saved in the browser's password store and synchronized to that account.

Holding a valid password was not enough on its own, because Cisco's VPN required multi-factor authentication. To get past it, the attacker repeatedly triggered MFA push notifications to the employee's phone and combined this with voice phishing calls impersonating trusted organizations, urging the employee to accept the prompts. Eventually one push was accepted, which gave the attacker VPN access in the context of that user.


Who was responsible for the attack on Cisco’s network?

Pointing to the likely culprit, Cisco Talos said that the attack was probably carried out by an adversary previously identified as an initial access broker with ties to the UNC2447 cybercrime gang, the Lapsus$ group, and Yanluowang ransomware operators. Initial access brokers typically breach organizations and then sell that access to ransomware gangs and other cybercriminals.

Specializing in ransomware, the UNC2447 gang threatens to publish whatever data it steals, or to sell it on hacker forums, unless the ransom is paid. Relatively new to the world of cybercrime, the Lapsus$ group relies on social engineering tactics such as bombarding users with MFA push requests until one is accepted (often called MFA fatigue). Named after the Chinese deity that judges the souls of the dead, Yanluowang ransomware operators vow to publicly leak stolen data and launch DDoS attacks unless the ransom is paid.

“This was a sophisticated attack on a high-profile target by experienced hackers that required a lot of persistence and coordination to pull off,” said Paul Bischoff, privacy advocate with Comparitech. “It was a multi-stage attack that required compromising a user’s credentials, phishing other staff for MFA codes, traversing Cisco’s corporate network, taking steps to maintain access and hide traces, and exfiltrating data. Cisco says the attack was most likely carried out by an initial access broker, or IAB. Although some data was exfiltrated, an IAB’s main role is to sell other hackers access to private networks, who might later carry out further attacks such as data theft, supply chain attacks on Cisco software, and ransomware.”

A tweet posted by threat intelligence provider Cyberknow included a screenshot of the leak site of the Yanluowang ransomware group showing Cisco as its latest victim. The Cisco Talos notice displayed a screenshot of an email received by Cisco from the attackers. Threatening Cisco that “no one will know about the incident and information leakage if you pay us,” the email shows a directory of some of the files breached in the attack.

Why security companies are becoming targets

Cybersecurity and technology vendors are increasingly being targeted by cybercriminals. And the attacks are being conducted for several reasons, according to ImmuniWeb Founder and Cybersecurity Expert Ilia Kolochenko.

“First, vendors usually have privileged access to their enterprise and government customers and thus can open doors to invisible and super-efficient supply-chain attacks,” Kolochenko said. “Second, vendors frequently have invaluable cyber threat intelligence.”

In search of useful threat intelligence, attackers conduct surveillance to determine the status of investigations by private vendors and potential police raids by law enforcement, Kolochenko explained.

“Third, some vendors are a highly attractive target because they possess the most recent DFIR (Digital Forensics and Incident Response) tools and techniques used to detect intrusions and uncover cybercriminals, whilst some other vendors may have exploits for zero-day vulnerabilities or even source code of sophisticated spyware, which can later be used against new victims or sold on the Dark Web,” Kolochenko added.


How security pros can protect their companies from similar attacks

In addition to describing the attack and Cisco’s response, the Talos group provided tips for other organizations on how to combat these types of attacks.

Educate your users 

Many attackers rely on social engineering to compromise an organization, and user education is an important step toward defeating it. Make sure employees know the legitimate methods your support staff will use to contact them, so that an unexpected call from "IT" stands out. Because attackers abuse MFA push notifications, also ensure that employees know how to respond to prompts they did not initiate: the correct answer is to deny them and report them, not to tap accept to make the phone stop buzzing. They should know whom to contact to help determine whether the request is a technical glitch or something malicious. Where the MFA product supports it, number matching or phishing-resistant factors such as FIDO2 security keys remove the "just tap accept" path this attack depended on.

Verify employee devices 

Adopt strong device verification by setting strict controls on device status, and limit or block enrollment and access from unmanaged or unknown devices. Implement risk detection to flag unusual events, such as a newly enrolled device or a login from a location the user could not realistically be in.

Enforce security requirements for VPN access 

Before allowing VPN access from remote endpoints, use posture checking to ensure that connecting devices match your security requirements and that rogue devices not previously approved are prevented from connecting.

Segment your network 

Network segmentation is another vital security method as it can better protect important assets and help you better detect and respond to suspicious activity.

Use centralized logs 

By shipping logs to a central store as they are generated, you retain a copy that an attacker cannot erase by clearing logs on the host they control, and the act of clearing them becomes an event you can alert on. Make sure that log data from endpoints, VPN concentrators and the MFA service is centrally collected and analyzed for suspicious behavior.
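The two detections below are an added example, not code from the original article or from Cisco Talos. They show how the MFA-abuse advice above and the centralized-logging advice in this section combine in practice: over a constructed stream of centrally collected JSON log lines, the first routine flags a burst of denied or timed-out MFA pushes followed by an approval (the push-fatigue pattern used in this attack), and the second flags hosts that reported their local Windows Security log being cleared (event ID 1102), which only survives because the copy was shipped off-host. The log schema, field names, user names, hosts and IP addresses are all assumptions made up for the example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of centrally collected logs (JSON lines). Field names
# are assumptions for this example, not any vendor's schema. "login_ip" is
# the address that initiated the authentication, not the user's phone.
SAMPLE_LOGS = """\
{"ts": "2022-05-24T09:00:05Z", "source": "mfa", "user": "jdoe", "event": "push", "result": "denied", "login_ip": "203.0.113.10"}
{"ts": "2022-05-24T09:00:40Z", "source": "mfa", "user": "jdoe", "event": "push", "result": "timeout", "login_ip": "203.0.113.10"}
{"ts": "2022-05-24T09:01:20Z", "source": "mfa", "user": "jdoe", "event": "push", "result": "denied", "login_ip": "203.0.113.10"}
{"ts": "2022-05-24T09:02:10Z", "source": "mfa", "user": "jdoe", "event": "push", "result": "timeout", "login_ip": "203.0.113.10"}
{"ts": "2022-05-24T09:04:55Z", "source": "mfa", "user": "jdoe", "event": "push", "result": "approved", "login_ip": "203.0.113.10"}
{"ts": "2022-05-24T09:10:00Z", "source": "mfa", "user": "asmith", "event": "push", "result": "approved", "login_ip": "198.51.100.7"}
{"ts": "2022-05-24T11:32:00Z", "source": "windows-security", "host": "WKS-042", "event_id": 4624, "user": "jdoe"}
{"ts": "2022-05-24T11:41:17Z", "source": "windows-security", "host": "WKS-042", "event_id": 1102, "user": "jdoe"}
"""

PUSH_FAILED = {"denied", "timeout"}   # outcomes that mean "the user did not accept"
LOG_CLEARED_EVENT_ID = 1102           # Windows Security: "The audit log was cleared"


def parse_events(text):
    """Parse JSON lines into dicts with 'ts' converted to a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def detect_push_fatigue(events, threshold=3, window=timedelta(minutes=10)):
    """One alert per approved push that was preceded, within `window`, by at
    least `threshold` denied/timed-out pushes for the same user. A single
    approval with no prior failures is normal and produces nothing."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("source") == "mfa" and e.get("event") == "push":
            by_user[e["user"]].append(e)

    alerts = []
    for user, pushes in by_user.items():
        pushes.sort(key=lambda e: e["ts"])
        for i, push in enumerate(pushes):
            if push["result"] != "approved":
                continue
            failed = [p for p in pushes[:i]
                      if p["result"] in PUSH_FAILED and push["ts"] - p["ts"] <= window]
            if len(failed) >= threshold:
                alerts.append({
                    "user": user,
                    "approved_at": push["ts"],
                    "failed_pushes": len(failed),
                    "login_ip": push.get("login_ip"),
                })
    return alerts


def detect_log_clear(events):
    """Hosts that reported their Security log being cleared. The local log
    no longer shows this; only the centrally shipped copy does."""
    return sorted({e["host"] for e in events
                   if e.get("source") == "windows-security"
                   and e.get("event_id") == LOG_CLEARED_EVENT_ID})


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOGS)
    for a in detect_push_fatigue(evts):
        print(f"MFA fatigue: {a['user']} approved at {a['approved_at']:%H:%M:%S} "
              f"after {a['failed_pushes']} failed pushes from {a['login_ip']}")
    for host in detect_log_clear(evts):
        print(f"Audit log cleared on {host}")
```

The threshold and window are tuning knobs: a user who mis-taps once and approves the second prompt should not page the SOC, while four ignored prompts in five minutes followed by an approval is exactly the sequence described in the Talos write-up. Pairing the alert with the originating IP lets an analyst check it against the VPN concentrator's logs, which is why those logs should be in the same central store.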

Turn to offline backups 

In many incidents, attackers target the backup infrastructure to prevent an organization from restoring files compromised in an attack. To counter this, keep backups offline or otherwise out of reach of credentials that the production network uses, and regularly test recovery to make sure you can bounce back after an attack.
