CISCO’s Corporate Network breached with Vishing method
Network equipment manufacturer giant Cisco, confirmed on 11 August 2022, that their corporate network was breached by the Yanluowang ransomware group and they were able to obtain access to Cisco’s employees’ accounts. The attacker bypassed Multi-Factor Authentication (MFA) using a variety of techniques, which includes vishing (voice phishing) and MFA fatigue.
We have for some years proposed that identity verification is critical for the security required in many interpersonal exchanges within organizations. This might be for payments, passwords, purchasing equipment, and any form of communication..
It’s important to understand that a data breach is the result of many concerted actions by criminals – one of them might be getting a password through vishing! If you can take away one piece of the puzzle, the hackers will fail to succeed in obtaining any passwords or privileged credentials and they will not complete the puzzle.
Consider taking away the Vishing element of the puzzle with a forced workflow with the FastPass Identity verification module within your organization.
Finn Jensen, CEO