A security incident at Cisco sheds light on how attacks of the future will unfold.
Here’s how it went down:
1. The hacker gained access to a Cisco employee’s personal Gmail account. That Gmail account had saved credentials for the Cisco VPN.
2. The VPN required MFA for authentication. To bypass this, the hacker combined MFA push spamming (sending multiple MFA prompts to the user’s phone) with phone calls to the user while impersonating Cisco IT support.
3. After connecting to the VPN, the hacker enrolled new devices for MFA. This removed the need to spam the user every time and allowed the hacker to log into the network and begin moving laterally.
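
The pattern in steps 2 and 3 leaves a trail in authentication logs: a burst of denied or unanswered push prompts that ends in an approval, followed shortly by a new MFA device enrollment. The detection sketch below is an added example, not from the original post or from Cisco; the event names, thresholds and log lines are constructed assumptions to be mapped to your own identity provider's schema.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (ISO time, user, event, detail).
# Event names are assumptions; map them to your IdP/VPN log schema.
SAMPLE_EVENTS = [
    ("2024-01-10T02:00:05", "alice", "mfa_push", "denied"),
    ("2024-01-10T02:01:00", "alice", "mfa_push", "timeout"),
    ("2024-01-10T02:02:10", "alice", "mfa_push", "denied"),
    ("2024-01-10T02:03:30", "alice", "mfa_push", "timeout"),
    ("2024-01-10T02:04:40", "alice", "mfa_push", "denied"),
    ("2024-01-10T02:05:10", "alice", "mfa_push", "approved"),
    ("2024-01-10T02:05:30", "alice", "vpn_login", "success"),
    ("2024-01-10T02:17:00", "alice", "mfa_device_enrolled", "new-phone"),
    ("2024-01-10T09:00:00", "bob", "mfa_push", "timeout"),
    ("2024-01-10T09:00:30", "bob", "mfa_push", "approved"),
    ("2024-01-10T09:30:00", "bob", "mfa_device_enrolled", "new-phone"),
]

PUSH_WINDOW = timedelta(minutes=10)   # look-back for unanswered/denied pushes
PUSH_THRESHOLD = 4                    # failed pushes before an approval
ENROLL_WINDOW = timedelta(hours=1)    # enrollment soon after a flagged approval


def detect(events):
    """Return (user, rule, time) alerts for push bursts and follow-on enrollment."""
    alerts = []
    failed = {}    # user -> times of denied/timed-out pushes since last approval
    flagged = {}   # user -> time of an approval that ended a push burst
    for ts, user, event, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if event == "mfa_push" and detail in ("denied", "timeout"):
            failed.setdefault(user, []).append(t)
        elif event == "mfa_push" and detail == "approved":
            recent = [x for x in failed.pop(user, []) if t - x <= PUSH_WINDOW]
            if len(recent) >= PUSH_THRESHOLD:
                flagged[user] = t
                alerts.append((user, "push_burst_then_approval", ts))
        elif event == "mfa_device_enrolled":
            start = flagged.get(user)
            if start is not None and t - start <= ENROLL_WINDOW:
                alerts.append((user, "enrollment_after_push_burst", ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the constructed data, alice triggers both rules while bob's single missed prompt and later enrollment stay below the threshold.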
There isn’t a silver bullet in cyber security. As organizations roll out defenses like MFA, attackers will find ways to bypass them. While this can be frustrating for organizations, it is the reality security professionals live in.
We can either get frustrated by the constant change or choose to adapt and stay alert. It helps to recognize that there is no finish line in cyber security – it is an endless game of survival.