Excerpt from BleepingComputer Post Article, Published on Apr 15, 2024
In a recent development, Cisco Duo’s security team issued a warning regarding a cyberattack on their telephony provider, resulting in the theft of some customers’ VoIP and SMS logs for multi-factor authentication (MFA) messages.
Cisco Duo, a leading multi-factor authentication and Single Sign-On service utilized by corporations for secure access to internal networks and corporate applications, has reported the breach to its customers. The incident, which occurred on April 1, 2024, involved a threat actor gaining access to employee credentials through a phishing attack, subsequently infiltrating the telephony provider’s systems.
The compromised data includes SMS and VoIP MFA message logs associated with specific Duo accounts between March 1, 2024, and March 31, 2024. Although the provider confirmed that the intruder did not access the message contents or send messages to customers, the stolen logs contain sensitive information such as phone numbers, carriers, location data, dates, times, and message types.
Upon discovery, the impacted supplier invalidated the compromised credentials, analyzed activity logs, and notified Cisco. Additional security measures have been implemented to prevent similar incidents in the future.
The breach affected around 1,000 customers, or about 1% of Duo’s total clientele. Cisco is actively collaborating with the supplier to investigate and address the incident. Customers impacted by the breach are advised to remain vigilant against potential SMS phishing or social engineering attacks utilizing the stolen information.
This incident underscores the escalating threat posed by social engineering attacks, as highlighted by the FBI’s warning last year. The importance of user education on recognizing and reporting suspicious activities is emphasized by Cisco, urging affected customers to promptly notify relevant incident response teams.
As investigations continue, Cisco has refrained from disclosing the supplier’s name but assures affected customers of ongoing updates and support through established communication channels.
To delve deeper into this topic, please read the full article on BleepingComputer.