Cisco Duo Says Hack at Telephony Supplier Exposed MFA SMS Logs

April 15, 2024 at 03:30PM

Cisco warned that a cyberattack on an unnamed telephony supplier compromised Duo MFA SMS message logs, potentially exposing phone numbers, carriers, and metadata. The breach could facilitate phishing and social engineering attacks. The attacker used an employee’s credentials obtained through a phishing attack to access the provider’s systems. Stolen logs are available to affected Duo accounts upon request. Cisco suggests notifying affected users and remaining vigilant.

The breach involved an unnamed telephony provider used to send Duo MFA SMS messages. Cisco has notified customers that the breach resulted in the theft of log data, including phone numbers, carriers, and other metadata that could be exploited in phishing and social engineering attacks.

The breach reportedly occurred on April 1, 2024, when a threat actor gained access to the telephony provider’s internal systems using an employee’s credentials obtained through a phishing attack. The stolen message logs pertain to SMS messages sent to specific users under Duo accounts between March 1, 2024, and March 31, 2024. It is important to note that the message logs did not contain any message content but did contain sensitive metadata.

The breached provider has confirmed that the threat actor did not access the content of any messages or use their access to send unauthorized messages. Cisco is offering copies of the stolen message logs to affected Duo account customers upon request.

In response to this breach, Cisco has recommended that customers contact affected users to notify them of the event and advise them to remain vigilant against potential social engineering attacks. This situation highlights the importance of promptly reporting any suspected social engineering attacks to the relevant incident response team or designated point of contact for such incidents. This incident underlines the continued importance of cybersecurity and the risks associated with phishing and social engineering attacks.
