Cisco Duo Users Beware: Third-Party Breach Exposes SMS MFA Logs

Cisco Duo

Cisco Duo Users Beware: Third-Party Breach Exposes SMS MFA Logs

image-26 Cisco Duo Users Beware: Third-Party Breach Exposes SMS MFA Logs
  • Target: An unnamed telephony provider used by Cisco Duo for delivering SMS and VoIP MFA messages.
  • Attack Method: Phishing. Threat actors gained access to employee credentials through a phishing campaign and used them to infiltrate the provider’s systems.
  • Data Exposed: SMS and VoIP MFA message logs associated with Duo accounts. These logs are believed to contain phone numbers, phone carriers, and other metadata related to MFA messages sent between March 1st and March 31st, 2024.
  • Data Not Exposed: Importantly, Cisco Duo assures users that the content of the MFA messages itself (the one-time codes) was not accessed. Additionally, the attackers did not gain the capability to send new messages or access phone numbers for malicious purposes.
  • Social Engineering and Phishing Attacks: Armed with phone numbers and metadata, attackers can launch targeted phishing campaigns that appear more legitimate. They may use this information to impersonate legitimate sources (e.g., IT support) and trick users into revealing sensitive information or clicking malicious links.
  • Identity Theft: In some cases, the exposed data, combined with information obtained from other sources, could be used for identity theft attempts.
  • Be Wary of Incoming SMS: Be cautious of any unsolicited SMS messages, even if they mention Duo or MFA. Do not click on any links or reply to suspicious messages.
  • Educate Users on Social Engineering: Organizations using Cisco Duo should educate their employees about social engineering tactics and how to identify phishing attempts.
  • Enable Stronger MFA Methods: If possible, consider enabling stronger MFA methods beyond SMS, such as security keys or authentication apps, for added security.

Share this content:

Post Comment