A third-party provider that handles telephony for Cisco’s Duo multi-factor authentication (MFA) service has been compromised in a social engineering cyberattack. Cisco Duo customers have now been warned to be on the lookout for any follow-up phishing schemes.
Customers were sent a notice explaining that the company that handled SMS and VoIP multi-factor authentication messages for Cisco Duo had been breached on April 1. The threat actors reportedly used compromised employee credentials. Once inside the service provider’s systems, the unauthorized user downloaded SMS logs for specific users within a certain period of time, the company said.
Cisco Duo did not identify the compromised telephony provider in its advisory.
“More specifically, the threat actor downloaded logs of SMS messages sent to certain users via the Duo account between March 1, 2024 and March 31, 2024,” Cisco said in its customer advisory. “The message logs did not contain any message content but contained the phone number, carrier, country and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.).”
Cisco advised affected users to notify anyone whose information had been exposed and to remain vigilant against further phishing attacks using the stolen data.
This breach follows two specific trends, according to Jeff Margolies, chief trust officer at Saviynt: the success of social engineering cyberattacks and a focus on identity security providers.
“There have been numerous public attacks against identity security suppliers, such as Okta and Microsoft, in recent years,” says Margolies. “You can even go back to the RSA SecurID Token attack in 2011 to see how far back these types of attacks go.”
In addition to the critical need for identity security providers to do more to protect their systems, Margolies adds that business teams need to evaluate what a breach of these services could mean for their cybersecurity posture.
“It is also important that businesses understand the reliance they have on third-party identity security companies, what impact an attack on those companies would have on them, and what mitigation controls are in place to detect and respond to incidents with their identity security providers,” he explains.