Cyber Attack on Cisco Duo breaches its multifactor authentication


Cisco Duo, which was acquired by Cisco in 2018, has notified its user base about a potential breach in its database stemming from a compromise on its servers. The breach, initiated through a social engineering attack, underscores the importance of remaining vigilant against phishing attempts, the company emphasizes.

The incident unfolded on April 1st, 2024, when the telephony service responsible for delivering two-factor authentication (2FA) for service authentication fell victim to a cyber assault. Initial investigations suggest that the breach occurred due to the theft of an employee’s credentials, which were then exploited to access SMS logs, location data, carrier information, and timestamps from the database, all of which were recorded between March 1st and 31st of this same year. This breach has raised concerns about potential future breaches and phishing schemes.

The origin of the attack remains unclear, with speculations ranging from state-sponsored groups to individual actors. Nevertheless, the compromise of user phone number details poses significant risks, including potential sim swapping attacks in the near future.

Over the past two years, there has been a surge in cyber attacks targeting databases of technology providers such as Microsoft and Okta, aimed at stealing tokens and sensitive information like email content and source codes. This type of information is highly sought after on the dark web.

Given the escalating threat landscape, it is imperative to adopt proactive measures to defend against such attacks. While no system can claim to be entirely immune to cyber threats, enhancing defense mechanisms is crucial. Nevertheless, businesses must remain vigilant and prepare for potential breaches, acknowledging that complete immunity is unattainable.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display