CISCO’s Corporate Network breached with Vishing method
Network equipment manufacturer giant Cisco, confirmed on 11 August 2022, that their corporate network was breached by the Yanluowang ransomware group and they were able to obtain access to Cisco’s employees’ accounts. The attacker bypassed Multi-Factor Authentication (MFA) using a variety of techniques, which includes vishing (voice phishing) and MFA fatigue.
See the full story: https://beaglesecurity.com/blog/article/cisco-attack-by-yanluowang-ransomware-gang.html
We have for some years proposed that identity verification is critical for the security required in many interpersonal exchanges within organizations. This might be for payments, passwords, purchasing equipment, and any form of communication..
Our audience always understands the theoretical risk – but the question often is: “Does it happen in reality?” The networking giant Cisco has now fallen victim along with Twitter and Robinhood.
It’s important to understand that a data breach is the result of many concerted actions by criminals – one of them might be getting a password through vishing! If you can take away one piece of the puzzle, the hackers will fail to succeed in obtaining any passwords or privileged credentials and they will not complete the puzzle.
Consider taking away the Vishing element of the puzzle with a forced workflow with the FastPass Identity verification module within your organization.
Finn Jensen, CEO