11.08.2022 21:57:35
|
Cisco Systems Faced Cyberattack From Hacked Employee's Google Account
(RTTNews) - Cisco Systems revealed on Wednesday details of a May hack by the Yanluowang ransomware group, which leveraged a compromised employee's Google account. The networking giant is calling the attack a "potential compromise" in a post by the company's own Cisco Talos threat research arm.
"During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized," wrote Cisco Talos while giving details of the attack.
Forensic details of the attack lead Cisco Talos researchers to attribute the attack to the Yanluowang threat group, which they maintain has ties to both the UNC2447 and the notorious Lapsus$ cybergangs.
Cisco Talos said that while the adversaries were not successful at deploying ransomware malware, they were successful at penetrating its network and planting a cadre of offensive hacking tools and conducting internal network reconnaissance "commonly observed leading up to the deployment of ransomware in victim environments."
The main point of the hack was the attackers ability to compromise the targeted employee's Cisco VPN utility and access the corporate network using that VPN software.
"Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account. The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account," wrote Cisco Talos.
With credentials in their possession, attackers then used a multitude of techniques to bypass the multifactor authentication tied to the VPN client. Efforts included voice phishing and a type of attack called MFA fatigue. Cisco Talos describes the MFA fatigue attack technique as "the process of sending a high volume of push requests to the target's mobile device until the user accepts, either accidentally or simply to attempt to silence the repeated push notifications they are receiving."
The MFA spoofing attacks leveraged against Cisco employee were ultimately successfully and allowed the attackers to run the VPN software as the targeted Cisco employee. "Once the attacker had obtained initial access, they enrolled a series of new devices for MFA and authenticated successfully to the Cisco VPN," researchers wrote.
"The attacker then escalated to administrative privileges, allowing them to login to multiple systems, which alerted our Cisco Security Incident Response Team (CSIRT), who subsequently responded to the incident," they said.
In response to the attack, Cisco implemented a company-wide password reset immediately, according to the Cisco Talos report. "Our findings and subsequent security protections resulting from those customer engagements helped us slow and contain the attacker's progression," they wrote.
Wenn Sie mehr über das Thema Aktien erfahren wollen, finden Sie in unserem Ratgeber viele interessante Artikel dazu!
Jetzt informieren!
Nachrichten zu Cisco Inc.mehr Nachrichten
21.11.24 |
Optimismus in New York: Dow Jones nachmittags auf grünem Terrain (finanzen.at) | |
21.11.24 |
Gewinne in New York: Dow Jones am Mittag mit Gewinnen (finanzen.at) | |
21.11.24 |
Dow Jones-Handel aktuell: Dow Jones zum Start des Donnerstagshandels im Aufwind (finanzen.at) | |
20.11.24 |
Dow Jones aktuell: Dow Jones zum Handelsende in Grün (finanzen.at) | |
20.11.24 |
Mittwochshandel in New York: Das macht der Dow Jones nachmittags (finanzen.at) | |
20.11.24 |
Dow Jones aktuell: Dow Jones sackt am Mittwochmittag ab (finanzen.at) | |
20.11.24 |
Dow Jones 30 Industrial-Titel Cisco-Aktie: So viel hätten Anleger mit einem Investment in Cisco von vor 3 Jahren verdient (finanzen.at) | |
20.11.24 |
Schwacher Handel in New York: Dow Jones zum Start im Minus (finanzen.at) |
Analysen zu Cisco Inc.mehr Analysen
22.09.23 | Cisco Overweight | JP Morgan Chase & Co. | |
18.05.23 | Cisco Neutral | JP Morgan Chase & Co. | |
18.05.23 | Cisco Outperform | Credit Suisse Group |