Technology giant claims an employee’s credentials were compromised after an attacker gained control of a personal Google account.

Technology giant Cisco has admitted suffering a security incident targeting its corporate IT infrastructure in late May 2022.

On August 10, the vendor stated that an employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronised. Bad actors published a list of files from this security incident to the dark web, Cisco added.

“The incident was contained to the corporate IT environment and Cisco did not identify any impact to any Cisco products or services, sensitive customer data or employee information, Cisco intellectual property, or supply chain operations,” the company said. 

Cisco claimed it took immediate action to contain and eradicate the bad actor, which it has linked to notorious threat group Lapsus$. It also said it had decided to announce the incident publicly now because it had previously been actively collecting information about the bad actor to help protect the security community.

Attacker used “sophisticated voice phishing” tactics

In an executive summary of the incident, Cisco Security Incident Response (CSIRT) and the company’s cyber security intelligence group Cisco Talos wrote: “the attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organisations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker.

“The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user.”

CSIRT and Talos have not identified any evidence suggesting that the attacker gained access to critical internal systems, such as those related to product development and code signing, they added. After obtaining initial access, the threat actor conducted activities to maintain access, minimise forensic artifacts, and increase their level of access to systems within the environment.  

“The threat actor was successfully removed from the environment and displayed persistence, repeatedly attempting to regain access in the weeks following the attack. However, these attempts were unsuccessful.”

Attack linked to Lapsus$ threat group

Cisco assessed with “moderate to high confidence” that this attack was conducted by an adversary that has been previously identified as an initial access broker (IAB) with ties to the UNC2447 cyber crime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators.

“UNC2447 is a financially motivated threat actor with a nexus to Russia that has been previously observed conducting ransomware attacks and leveraging a technique known as ‘double extortion,’ in which data is exfiltrated prior to ransomware deployment to coerce victims into paying ransom demands. 

“Prior reporting indicates that UNC2447 has been observed operating a variety of ransomware, including FIVEHANDS, HELLOKITTY, and more.”

However, Cisco stated that no ransomware has been observed or deployed in the attack. 

“Every cyber security incident is an opportunity to learn, strengthen our resilience, and help the wider security community,” the vendor stated. “Cisco has updated its security products with intelligence gained from observing the bad actor’s techniques, shared indicators of compromise (IOCs) with other parties, reached out to law enforcement and other partners.”

Cisco implemented a company-wide password reset upon learning of the incident.

Strengthen MFA, device verification and network segmentation to mitigate risks

Cisco advised organisations to take steps to mitigate the risks associated with this incident, including strengthening MFA, device verification, and network segmentation. 

“Given the actor’s demonstrated proficiency in using a wide array of techniques to obtain initial access, user education is also a key part of countering MFA bypass techniques,” it added.

“Equally important to implementing MFA is ensuring that employees are educated on what to do and how to respond if they get errant push requests on their respective phones. It is also essential to educate employees about who to contact if such incidents do arise to help determine if the event was a technical issue or malicious.”

It is beneficial to implement strong device verification by enforcing stricter controls around device status to limit or block enrollment and access from unmanaged or unknown devices, Cisco added. 

Network segmentation is another important security control that organisations should employ, as it provides enhanced protection for high-value assets and enables more effective detection and response capabilities in situations where an adversary is able to gain initial access into the environment, the firm said.

“Centralised log collection can help minimise the lack of visibility that results when an attacker takes active steps to remove logs from systems. Ensuring that the log data generated by endpoints is centrally collected and analysed for anomalous or overtly malicious behaviour can provide early indication when an attack is underway.”
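As an added illustration (not code from Cisco or from the original article), the following Python example shows one way centrally collected MFA logs could be analysed for the push pattern described above: a run of rejected or ignored push requests for one user followed shortly by an approval. The log format, the result values, the 10-minute window and the threshold of three are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp user result" format.
SAMPLE_LOG = """\
2024-01-15T09:00:05 alice approved
2024-01-15T21:40:10 bob denied
2024-01-15T21:41:02 bob timeout
2024-01-15T21:42:30 bob denied
2024-01-15T21:43:15 bob timeout
2024-01-15T21:44:01 bob approved
2024-01-15T22:10:00 carol denied
2024-01-15T22:50:00 carol approved
"""

def parse(log_text):
    """Yield (datetime, user, result) tuples from the assumed log format."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def find_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Flag approvals preceded by at least `threshold` unapproved pushes
    for the same user inside `window` (both values are assumptions)."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved pushes
    alerts = []
    for ts, user, result in sorted(events):
        pending = recent[user]
        # Drop unapproved pushes that have aged out of the window.
        while pending and ts - pending[0] > window:
            pending.popleft()
        if result == "approved":
            if len(pending) >= threshold:
                alerts.append({"user": user, "approved_at": ts,
                               "prior_unapproved": len(pending)})
            pending.clear()
        else:
            pending.append(ts)
    return alerts

if __name__ == "__main__":
    for alert in find_push_fatigue(parse(SAMPLE_LOG)):
        print(alert)
```

An alert from a check like this is a prompt to contact the user and confirm whether the approval was intended, which ties the detection to the escalation path Cisco recommends employees be taught.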
