Cisco Disables DevHub Access After Security Breach

October 21, 2024 at 05:08PM

Cisco has disabled public access to its DevHub after threat actors stole and listed sensitive customer data for sale, including source code and credentials from major companies. Investigations revealed no personal data was compromised, but the incident highlights the importance of securing public-facing environments against potential vulnerabilities.

### Meeting Takeaways: Cisco Security Incident

**Overview of Incident:**
– Cisco has disabled public access to one of its DevHub environments following a data breach. Attackers accessed and downloaded sensitive customer data, which is being offered for sale on a cybercrime forum.

**Compromised Data:**
– The data breach involves:
  – Source code
  – API tokens
  – Hardcoded credentials
  – Certificates
  – Other confidential information from major companies like Microsoft, Verizon, T-Mobile, AT&T, Barclays, and SAP.

**Threat Actors:**
– Three cybercriminals, identified by the usernames IntelBroker, EnergyWeaponUser, and zjj, are responsible. IntelBroker, a Serbian entity, is linked to notable data thefts involving organizations like Europol and DARPA.

**Cisco’s Response:**
– Investigation commenced on October 15, with confirmation of unauthorized downloads occurring three days later.
– No impact on Cisco’s internal systems has been reported, and no personal or financial data has been confirmed as compromised yet.
– Public access to the site has been suspended to further investigate the breach.

**Key Security Lessons:**
– The incident emphasizes the importance of securing public-facing assets through:
  – Input validation to mitigate injection attacks.
  – Strong authentication processes.
  – Regular vulnerability assessments.

**Common Security Oversights:**
– Organizations often:
  – Ignore OWASP guidelines.
  – Underestimate security risks.
  – Neglect regular system updates.
  – Fail to prioritize secure coding practices.

**Recommendations from Experts:**
– **Jason Soroko (Sectigo):**
  – Organizations should back up website code and practice restoration.
  – Utilize malware detection tools for regular scanning.
– **Eric Schwake (Salt Security):**
  – Accidental misconfigurations, human errors, and inadequate security testing can expose sensitive data.
  – Implement a multilayered security strategy, including:
    – Strict access controls.
    – Secure coding practices.
    – Thorough security testing.
    – Continuous monitoring and secrets management solutions.
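
A pre-publication check for the kinds of material listed above (private keys and certificates, cloud API keys, hardcoded credentials in source), written here as an added example and not Cisco's or any vendor's tooling; the sample file, key id and token it scans are constructed, and the entropy threshold is an assumed tuning value:

```python
import math
import re
from collections import Counter

# Patterns for the secret material the summary lists: private keys /
# certificates, cloud API key ids, and hardcoded credentials in code or config.
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),  # AWS access key id shape
    "assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password|passwd)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

def shannon_entropy(s: str) -> float:
    """Bits per character: random tokens score high, words like 'changeme' score low."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def scan_text(text: str, path: str = "<input>", min_entropy: float = 3.5):
    """Return (path, line_no, kind, snippet) for each line that looks like a secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if PATTERNS["private_key"].search(line):
            findings.append((path, line_no, "private_key", line.strip()))
            continue
        if PATTERNS["aws_access_key"].search(line):
            findings.append((path, line_no, "aws_access_key", line.strip()))
            continue
        m = PATTERNS["assignment"].search(line)
        # Report an assignment only when its value looks random (assumed 3.5 bits/char
        # threshold), so placeholders such as "changeme" do not drown real findings.
        if m and shannon_entropy(m.group(2)) >= min_entropy:
            findings.append((path, line_no, "hardcoded_" + m.group(1).lower(), line.strip()))
    return findings

# Constructed sample file: the key id is AWS's documentation example and the token
# is made up; neither is a real credential.
SAMPLE = """\
DB_HOST = "db.internal.example"
password = "changeme"
api_key = "q7Zp3mX9vL2kR8tW5nB1yC4hJ6"
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA... (truncated)
"""

if __name__ == "__main__":
    for path, line_no, kind, snippet in scan_text(SAMPLE, "config.py"):
        print(f"{path}:{line_no}: {kind}: {snippet[:60]}")
```

Run it over a tree of files before they are published to any public-facing environment; a hit should block the publish step until the value is moved into a secrets manager and rotated.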

This incident serves as a crucial reminder of the need for robust security measures for public-facing environments to prevent data breaches and protect sensitive information.
