Voice Phishing Strikes Cisco: What We Know

Recently, Cisco experienced a security breach due to a voice phishing attack, where a representative inadvertently divulged information. This breach allowed cyber criminals to download user data from a third-party customer relationship management (CRM) system. The information accessed included names, organization details, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and metadata related to accounts.

Though the breach exposed basic profile information, Cisco confirmed that no sensitive data like passwords or proprietary information was compromised. They added that no other CRM instances or company products and services were affected, providing reassurance to clients.

Voice phishing, or "vishing," has become a favored technique for ransomware groups to bypass the defenses of even the most secure organizations. In some cases, attackers use multiple forms of communication, including emails and text messages, to deceive targets. Notable companies such as Microsoft, Twilio, and Twitter have also faced similar threats, highlighting the evolving scope of these cyber attacks.

Implementing multi-factor authentication (MFA) systems that are compliant with industry standards like FIDO can offer a robust defense against these attacks. By binding cryptographic keys to domain names and requiring physical proximity of devices, organizations can thwart spoofed phishing sites. However, given the novelty of FIDO-compliant MFAs, organizations still provide alternative authentication methods, which require careful management to prevent new vulnerabilities.

The US Cybersecurity and Infrastructure Security Agency provides guidelines to safeguard against social engineering attacks, emphasizing the importance of updated security protocols in the face of advanced phishing tactics.