Damien Black Senior Journalist Updated on: 11 August 2022

Cybersecurity firm Cisco admits to being hacked


Cisco has confirmed that it was hacked earlier this year, in a breach that reportedly saw it stripped of 2.75GB of data.

The admission marks the latest stage in what appears to be a general escalation in the wider cyberwar, with cybersecurity companies themselves increasingly targeted by threat actors.

According to the company’s own statement, threat actors published a list of data they stole from Cisco on the dark web on August 10, prompting it to respond with an admission that it had been breached back in May.

Though Cisco sought to play down the attack, claiming that nothing of real value was taken, the revelation confirms that it has joined Twilio and Cloudflare, who were both breached by the very cybercriminals they seek to defend against.

“We took immediate action to contain and eradicate the bad actors,” said Cisco. “We have taken steps to remediate the impact of the incident and further harden our IT environment. No ransomware has been observed or deployed and Cisco has successfully blocked attempts to access Cisco’s network since discovering the incident.”

The cybersecurity firm claims that none of its products, services, sensitive customer or employee data, intellectual property, or supply chain operations have been affected by the attack.

Lapsus$ links

Cisco affiliate organization Talos Intelligence believes the attack was the work of “an adversary previously identified as an initial-access broker with ties to the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators.”

Talos further believes the cybersecurity company’s defenses were breached “via the successful compromise of a Cisco employee’s personal Google account.”

“The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account,” said Talos. “After obtaining the user’s credentials, the attacker attempted to bypass multifactor authentication (MFA) using a variety of techniques, including voice phishing and MFA fatigue.”

The latter term refers to a technique whereby a threat actor seeks to overwhelm a target by sending repeated push requests to their device “until the user accepts, either accidentally, or simply to silence the repeated push notifications they are receiving.”

“Once the attacker obtained initial access, they enrolled a series of new devices for MFA and authenticated successfully to the Cisco VPN,” said Talos.
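The sequence Talos describes (a burst of denied or ignored pushes, one acceptance, then a new MFA device enrolled) can be hunted for in authentication logs. The following is an added example, not code from Cisco or Talos; the event names, thresholds and sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, event type); not real log data.
SAMPLE_EVENTS = [
    ("2024-01-15T02:00:00", "alice", "push_denied"),
    ("2024-01-15T02:01:30", "alice", "push_timeout"),
    ("2024-01-15T02:03:00", "alice", "push_denied"),
    ("2024-01-15T02:04:10", "alice", "push_timeout"),
    ("2024-01-15T02:05:45", "alice", "push_denied"),
    ("2024-01-15T02:06:20", "alice", "push_approved"),
    ("2024-01-15T02:15:00", "alice", "device_enrolled"),
    ("2024-01-15T09:00:00", "bob", "push_denied"),
    ("2024-01-15T09:00:40", "bob", "push_approved"),
    ("2024-01-15T09:30:00", "bob", "device_enrolled"),
]

# Assumed thresholds; tune against your own baseline of push behaviour.
PUSH_WINDOW = timedelta(minutes=10)   # look-back before an approval
MIN_REJECTED = 4                      # denied/timed-out pushes in that window
ENROLL_WINDOW = timedelta(hours=1)    # enrollment soon after a flagged approval

def detect_push_fatigue(events):
    """Flag approvals that follow a push burst, and device enrollments after them."""
    findings = []
    rejected = {}   # user -> timestamps of denied or timed-out pushes
    flagged = {}    # user -> time of the most recent suspicious approval
    for ts_raw, user, kind in sorted(events):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(ts_raw)
        if kind in ("push_denied", "push_timeout"):
            rejected.setdefault(user, []).append(ts)
        elif kind == "push_approved":
            recent = [t for t in rejected.get(user, []) if ts - t <= PUSH_WINDOW]
            if len(recent) >= MIN_REJECTED:
                findings.append({"user": user, "time": ts_raw,
                                 "rule": "approval_after_push_burst",
                                 "rejected": len(recent)})
                flagged[user] = ts
            rejected[user] = []  # an approval ends the current burst
        elif kind == "device_enrolled":
            t0 = flagged.get(user)
            if t0 is not None and ts - t0 <= ENROLL_WINDOW:
                findings.append({"user": user, "time": ts_raw,
                                 "rule": "new_mfa_device_after_burst"})
    return findings

if __name__ == "__main__":
    for finding in detect_push_fatigue(SAMPLE_EVENTS):
        print(finding)
```

A single denied push followed by an approval, as in the second user's records, is ordinary behaviour and is not flagged; only the burst followed by acceptance and enrollment is.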

This allowed the cyber-attackers to escalate their access privileges and infiltrate multiple systems operated by Cisco. At this point the company’s incident response team was alerted to the attack, which Talos said involved “remote access tools LogMeIn and TeamViewer [and] offensive security tools Cobalt Strike, PowerSploit, Mimikatz, and Impacket.”

Cisco on high alert

Citing BleepingComputer, Black Hat Ethical Hacking group said the threat actors behind the cyberattack “claimed to have stolen 2.75GB of data, consisting of approximately 3,100 files,” which it said were mostly “non-disclosure agreements, data dumps, and engineering drawings.”

Cisco said it hopes to use the incident as “an opportunity to learn, strengthen our resilience, and help the wider security community.”

It claims to have updated its cybersecurity products with “intelligence gained from observing the bad actor’s techniques,” and has notified the authorities of the breach.
