Voice Phishers Strike Again: Cisco Impacted

Cisco confirmed a breach where attackers conducted a voice phishing attack, allowing them to download profile data from a third-party CRM system. This breach exposed basic account details like names, addresses, and email addresses of individuals signed up on Cisco.com.

Fortunately, it was confirmed by Cisco that more sensitive information, such as passwords and proprietary customer data, remained secure. No other CRM instances or services were reportedly compromised.

Voice phishing has become a common tactic for ransomware groups targeting even the most secure organizations. Attackers use multiple methods, including email and phone calls, to make their scams credible.

To counter these attacks, multi-factor authentication using FIDO standards is recommended as it ties cryptographic keys to the domain name, preventing phishing based on spoofed sites. However, FIDO is still not widely adopted on its own due to fallback authentication methods.

The U.S. Cybersecurity and Infrastructure Security Agency offers guidelines to help organizations guard against such phishing attacks. You can access more detailed information from their resources.

For more stories and insights, you can follow Dan Goodin, Senior Security Editor at Ars Technica, who covers cybersecurity topics extensively.