Attackers gained access to Cisco’s network via employee’s Google account
Cisco has confirmed a breach of its network in May 2022, where the attackers managed to gain access to the company’s virtual private network (VPN) via employee’s Google account.
The attacker compromised a Cisco employee’s personal Google account, which gave them access to his business credentials through the synchronized password store in Google Chrome. To bypass the Multi-Factor Authentication (MFA) protecting access to Cisco’s corporate VPN, the attacker attempted voice phishing, or vishing, and repeatedly pushed MFA authentication requests to the employee’s phone. Eventually, the worker through alert fatigue, accepted the push request, giving the attacker access to Cisco’s network.
By gaining the access to VPN , the attacker then tried to move through the network by escalating privileges and logging into multiple systems. The threat actor installed several tools, such as remote access software LogMeIn and TeamViewer, as well as offensive security tools, such as Cobalt Strike and Mimikatz, both in wide use by attackers.
Cisco acknowledged the incident in a brief press statement, maintaining that the company discovered the breach on May 24, 2022 and took immediate action to contain and eradicate the bad actors, remediate the impact of the incident, and further harden their IT environment. While some security experts characterized the attack as “sophisticated,” Cisco pointed out that it was a social-engineering play.
Cisco believes the threat actor appears to have “ties to the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators,” as stated by Cisco’s Talos group.
Rainbow Secure offers multifactor password authentication which would prohibit access to Google’s account even if the credentials are stored in browser. With a combination of quadrilion colors and styles, the Colorful and Stylish multi-layer Rainbow Password enables Stylish & Lively Login Process Giving Best UX Experience to the user. The unique features of AI Monitoring, Location Access Control further prohibits hackers from cracking the Password. Most importantly, Rainbow Password handles and forgives Human Mistakes, which play a major role in cybersecurity threats and attacks and improves Productivity of a business and helps them win Customer Trust.
Rainbow Secure also offers Smart Multifactor authentication with Configurable friction level for balanced Security. It gives stylish & lively verification process giving best UX experience to the user while securing his valuable credentials and protecting enterprise’s confidential data.
#CyberAttack #BruteforcePrevention #PhishingMitigation #StayCyberSafe #CyberNews #RainbowSecure #InfrastructureSecurity #HackingNews #Cybersecurity #IdentityManagement #SingleSignon #riskmitigation