Voice Phishers Target Cisco in Latest Attack

Cisco recently confirmed that one of its representatives fell victim to a voice phishing attack. This security breach enabled cybercriminals to access and download user profile information from a third-party customer relationship management system.

The compromised data consisted mainly of basic account details, such as names, organization names, addresses, email addresses, and user IDs assigned by Cisco. Fortunately, the investigation revealed that no sensitive or proprietary customer information, like passwords, was exposed. There was also no indication of any further breaches in other CRM instances, nor impact on Cisco's products and services.

Voice phishing, part of a broader set of phishing strategies, is increasingly favored by ransomware groups and other malicious actors. Their methods often involve a combination of communication channels, including emails, voice calls, and text messages, to appear as legitimate authentication processes used by the target. This meticulous approach has managed to infiltrate several notable companies in the past.

Implementing multi-factor authentication (MFA) is essential to protect against these threats. Specifically, the FIDO standard, developed by a global consortium, offers robust protection. It uses cryptographic keys tied to the domain name of the service, effectively countering attacks that rely on phishing sites. The requirement for the MFA credential to be physically near the login device further mitigates risks, as it disrupts attempts by attackers operating remotely.

However, due to its novelty, FIDO MFA is not yet widely deployed without alternative authentication methods for account recovery. Organizations need to enhance safeguards to address this gap. The U.S. Cybersecurity and Infrastructure Security Agency offers resources to strengthen resistance against phishing attempts, which can be accessed here.