Cisco averts cyber disaster after successful phishing attack

August 12, 2022

Cisco has revealed that it has fought off a potentially damaging cyber incident that unfolded after a threat actor conducted a phishing attack on one of its employees by abusing their personal Google account to access its network.

The network hardware supplier said the attacker was likely an initial access broker (IAB) with links to the UNC2447 cyber crime gang, a Chinese ransomware operator known as Yanluowang, and the Lapsus$ group – a gang of teens who abused failings in multifactor authentication (MFA) to target multiple tech companies earlier this year.

Cisco disclosed it had been attacked on 10 August after its name appeared on Yanluowang’s dark web leak site (see image below), but the attack unfolded more than two months ago on 24 May, since when the organisation’s internal Cisco Security Incident Response (CSIRT) and its Cisco Talos cyber unit have been working to remediate it.

#yanluowang ransomware has posted #Cisco to its leaksite. #cybersecurity #infosec #ransomware pic.twitter.com/kwrfjbwbkT

— CyberKnow (@Cyberknow20), August 10, 2022

“During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronised,” said the Talos team in its disclosure notice.

“The attacker [then] conducted a series of sophisticated voice phishing attacks under the guise of various trusted organisations attempting to convince the victim to accept MFA push notifications initiated by the attacker.

“The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to [the] VPN in the context of the targeted user.”
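The pattern Talos describes, repeated attacker-initiated pushes ending in one acceptance, can be hunted for in MFA logs. The following is an added example, not code from Cisco or Talos: the log format, the sample lines, the function names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA log (not real data): timestamp, user, source IP, push result.
SAMPLE_LOG = """\
2024-01-15T09:00:05Z alice 198.51.100.7 DENIED
2024-01-15T09:01:10Z alice 198.51.100.7 TIMEOUT
2024-01-15T09:02:30Z alice 198.51.100.7 DENIED
2024-01-15T09:04:00Z alice 198.51.100.7 APPROVED
2024-01-15T09:05:00Z bob 203.0.113.20 APPROVED
2024-01-15T10:00:00Z carol 203.0.113.31 DENIED
2024-01-15T13:30:00Z carol 203.0.113.31 APPROVED
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_FAILURES = 3                # assumed number of denied/ignored pushes that is suspicious


def parse(line):
    """Split one log line into (timestamp, user, ip, result)."""
    ts, user, ip, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result


def find_push_fatigue(log_text, window=WINDOW, min_failures=MIN_FAILURES):
    """Flag approvals that follow a burst of denied or unanswered pushes.

    Assumes the log is sorted by time. Returns one alert dict per suspicious approval.
    """
    failures = defaultdict(list)  # user -> timestamps of recent DENIED/TIMEOUT pushes
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = parse(line)
        # Keep only failures that are still inside the look-back window.
        recent = [t for t in failures[user] if ts - t <= window]
        if result in ("DENIED", "TIMEOUT"):
            recent.append(ts)
        elif result == "APPROVED":
            if len(recent) >= min_failures:
                alerts.append({"user": user, "ip": ip,
                               "approved_at": ts, "failures": len(recent)})
            recent = []  # an approval starts a fresh sequence
        failures[user] = recent
    return alerts
```

An alert of this kind is a prompt to contact the user out of band and review the VPN session that followed the approval.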

After gaining access, the attacker conducted a variety of activities to achieve persistence, cover their tracks and elevate their privileges within Cisco’s network. They were able to move into Cisco’s Citrix environment, compromise a number of servers and obtain privileged access to domain controllers.

Ultimately, they were able to exfiltrate the contents of a Box folder associated with the compromised employee’s account, and employee authentication data from Active Directory.

Once detected and removed from the network, the threat actor repeatedly attempted to regain access by targeting employees who they suspected had made single character changes to their passwords following a mandated credential reset across Cisco. They were unsuccessful in this.

The threat actor also attempted to email various high-level Cisco staffers threatening to leak the data stolen from Box, but they did not make any specific threats or extortion demands.

No ransomware was actually deployed at any point, and CSIRT and Talos said they had not found any evidence that the attacker had accessed any critical systems.

“The incident was contained to the corporate IT environment and Cisco did not identify any impact to any Cisco products or services, sensitive customer data or employee information, Cisco intellectual property, or supply chain operations,” said Cisco in a statement.

“No customer [or] partner action is required for Cisco products or services. Cisco has updated its security products with intelligence gained from observing the bad actor’s techniques, shared Indicators of Compromise [IOCs] with other parties, reached out to law enforcement and other partners, and is sharing further technical details via a Talos blog to help cyber defenders learn from our observations.”

It added: “Cisco has extensive IT monitoring and remediation capabilities. We have used these capabilities to implement additional protections, block any unauthorised access attempts, and mitigate the security threat. We are also putting additional emphasis on employee cyber security hygiene and best practices to avoid similar instances in the future.”

Immuniweb founder and CEO Ilia Kolochenko said that on this occasion, Cisco had been lucky: “Cyber security and technology vendors are now massively targeted by sophisticated threat actors for different interplayed reasons,” he said.

“First, vendors usually have privileged access to their enterprise and government customers and thus can open doors to invisible and super-efficient supply chain attacks.

“Second, vendors frequently have invaluable cyber threat intelligence: bad guys are strongly motivated to conduct counter-intelligence operations, aimed to find out where law enforcement and private vendors are with their investigations and upcoming police raids.

“Third, some vendors are a highly attractive target because they possess the most recent DFIR tools and techniques used to detect intrusions and uncover cyber criminals, whilst some other vendors may have exploits for zero-day vulnerabilities or even source code of sophisticated spyware, which can later be used against new victims or sold on the dark web.

“That being said, we shall prepare for a continually growing volume and sophistication of cyber attacks targeting technology companies, namely security vendors,” added Kolochenko.


