Cisco Duo Data Breach: SMS Message Logs Exploited

Cisco has recently announced a breach of one of its vendors. The breach resulted from a sophisticated phishing attack that compromised a telephony provider’s employee credentials. The attackers used this access to download a set of MFA SMS message logs associated with Duo accounts.

These logs contained sensitive information, including phone numbers, carriers, and the geographical location of the messages sent between March 1, 2024, and March 31, 2024.

Vertilocity has contacted Cisco Duo’s investigation team and verified that no clients subscribed to Duo through Vertilocity are affected. 

Cisco specifically recommends that users be enrolled in regular cybersecurity education programs on the risks of social engineering.

For more information about the Cisco Duo incident, please review the disclosure released by Cisco: [Important Notice] Security Incident Involving Duo Supplier (cisco.com)

As always, please be on the lookout for scams, as malicious groups will often attempt to use the information gathered from these kinds of breaches to try to obtain greater access to your digital domain, including other accounts. We have recently observed an increase in scam activity in which the scammer identifies themselves as being with the Fraud Protection or Support teams for major organizations like Amazon, Google, or Microsoft. They provide information about the customer to “prove” that they are who they say they are and then attempt to extract other information. They are often particularly interested in getting users to look up and provide their IMEI or SIM numbers from the Settings of their cell phone so that they can bypass Multifactor Authentication (MFA) or otherwise gain access to a customer’s accounts.

Vertilocity also recommends the following to help protect against fraud and security breaches:

  • Never disclose personal information or account information to anyone contacting you on an unsolicited phone call.
  • Ensure that any accounts accessible from the public internet have MFA enabled.
  • Leverage Single Sign-on solutions with MFA or passwordless security wherever possible, or implement a password management system to ensure that your passwords are complex and unique for every account.
  • Consider implementing end-user training programs to help you and your users identify scam and phishing behaviors and avoid making mistakes that can lead to substantial losses.
  • Ensure that you have an effective email filtering solution that can identify spam, phishing, scams, and malicious links and attachments.
  • Consider implementing services that can detect email account takeover and advanced impersonation attempts.

You can check by entering the email address associated with your AT&T account at Have I Been Pwned. It will list any known data breaches that an email account was involved in. In each case, consider when the breach occurred and ensure that the password for any associated account has been updated since then.

If you have any questions or concerns regarding these breaches or any other cybersecurity matters, please don’t hesitate to reach out to us at MSP@Vertilocity.com. We are here to provide you with the support and guidance you need.