Cisco calls its Zero Trust security platform “Duo” for short. Their access is protected by state-of-the-art multi-factor authentication (MFA). Through a phishing attack on Cisco's service provider, attackers were able to access the provider and steal logs that contained information such as telephone numbers, network operators, countries and other metadata.
Cisco has released a message informing about the incident affecting the Duo telephony provider. This provider is used by Duo to send MFA messages to customers via SMS and VOIP. Cisco is actively working with the vendor to investigate and resolve the incident.
Cisco's communications provider is infiltrated by phishing
According to the provider, on April 1, 2024, an attacker gained access to its internal systems through phishing and downloaded MFA SMS message logs associated with Duo accounts. According to Cisco, the logs do not contain message content, but do contain telephone numbers, network operators, countries and states and other metadata. The provider confirmed that the attacker did not have access to the contents of the messages.
Upon discovery of the incident, the vendor immediately initiated an investigation, implemented mitigation measures, and notified Cisco. Measures have also been put in place to prevent future incidents and reduce the risk of social engineering attacks. The vendor also provided Cisco with copies of the message logs captured by the attacker. Customers can ask Duo whether they are affected.
More at Cisco.com
About Cisco Cisco is the world's leading technology company that makes the Internet possible. Cisco is opening new possibilities for applications, data security, infrastructure transformation and the empowerment of teams for a global and inclusive future.