- A scammer tricked a Cisco employee into granting access to a CRM
- The attacker then used the access to exfiltrate sensitive data
- Affected customers were notified “where required by law”
Cisco has admitted recently suffering a cyberattack which saw it lose a whole lot of customer data, including personally identifiable information (PII).
In a short announcement published on its website, the company revealed a threat actor used voice phishing (vishing) to trick a Cisco representative and gain access to an instance of a third-party cloud-based Customer Relationship Management (CRM) system it uses.
Following the intrusion, Cisco launched an investigation, which determined sensitive customer data was extracted.
Passwords are safe
“Our investigation has determined that the exported data primarily consisted of basic account profile information of individuals who registered for a user account on Cisco.com (name, organization name, address, Cisco assigned user ID, email address, phone number, and account-related metadata – such as creation date),” Cisco said.
“The actor did not obtain any of our organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information. Cisco did not identify any impact to our products or services, and no other Cisco CRM instances were affected.”
Cisco said that affected users were notified “where required by law”, but did not mention if the data was being used in the wild. Crooks can either sell it on the dark web, try to extort Cisco, or use it to target the company’s customers with custom-built, convincing phishing attacks.
Vishing is a form of phishing done over the phone, and usually revolves around the criminal convincing the victim they’re someone they’re not (an IT technician, a bank employee, or a government agent).
Knowing that the individuals are, or were, Cisco customers, threat actors can spoof the company and send emails that trick the victims into making payments, sharing login credentials, or downloading malware.
Cisco users should be wary of any incoming emails, especially those claiming to come from the company and carrying a sense of urgency with them.
You might also like
https://cdn.mos.cms.futurecdn.net/TWkP7ZurZMY6uepDxsK6Ha.jpg
Source link
