Successful phishing: Attackers attack MFA service providers for Cisco Duo
Cisco calls its Zero Trust security platform “Duo” for short. Their access is protected by state-of-the-art multi-factor authentication (MFA). Through a phishing attack on Cisco's service provider, attackers were able to access the provider and steal logs that contained information such as telephone numbers, network operators, countries and other metadata. Cisco has released a message informing about the incident affecting the Duo telephony provider. This provider is used by Duo to send MFA messages to customers via SMS and VOIP. Cisco is actively working with the vendor to investigate and resolve the incident….