Cisco Duo and leaked SMS messages: a communications provider let down an MFA service by not thinking about cyber defense

Father

A multi-factor authentication service has learned a lesson: relying on third-party companies is not a good idea.

A third-party company responsible for telephone communications in Cisco Duo, the multi-factor authentication (MFA) service, was subjected to a cyber attack that used social engineering methods. As a result, Cisco asked its customers to be extremely careful and attentive to possible phishing fraud.

Users received a notification stating that the organization providing SMS transmission for Cisco Duo was hacked on April 1. As it later became known, the attackers used stolen credentials belonging to employees of the supplier company. After gaining access to its systems, they downloaded logs of SMS messages sent to certain Duo users between March 1 and March 31, 2024.

Cisco Duo does not disclose the name of the hacked partner. However, its representatives explained that the downloaded logs contained information about phone numbers, telecom operators, and the countries and regions where messages were sent, as well as other metadata, including dates, times and types of messages. The texts themselves were not stolen.

This incident fits into two worrying trends: the success rate of cyberattacks based on social engineering and the growing focus on identity service providers. According to Jeff Margolis, Chief Product and Strategy Officer at Saviynt, there have been several high-profile hacks of services like Okta and Microsoft in recent years.

According to him, providers urgently need more effective measures to protect their systems. But it is also important that they carefully assess what possible attacks on their partners may mean for their own cybersecurity.
 