A security incident at Cisco sheds light on how attacks of the future will unfold.
Here’s how it went down:
1. The hacker gained access to a Cisco employee's personal account. That Gmail account had credentials for the Cisco VPN saved in it.
2. The VPN required MFA for authentication. To bypass this, the hacker used a combination of MFA push spamming (sending multiple MFA prompts to the user's phone) and impersonating Cisco IT support and calling the user.
3. After connecting to the VPN, the hackers enrolled new devices for MFA. This removed the need to spam the user every time and allowed them to log into the network and begin moving laterally.
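A detection sketch for the sequence in steps 2 and 3 (a burst of rejected MFA pushes, then an approval, then a new MFA device), added here as an example and not taken from Cisco or the original post. The event names, thresholds and log tuples are assumptions constructed for illustration; map them to the fields your MFA provider actually logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, event). The event names are
# assumptions for this example, not any vendor's real log schema.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "alice", "push_denied"),
    ("2024-01-10T09:00:40", "alice", "push_timeout"),
    ("2024-01-10T09:01:30", "alice", "push_denied"),
    ("2024-01-10T09:02:10", "alice", "push_timeout"),
    ("2024-01-10T09:03:00", "alice", "push_denied"),
    ("2024-01-10T09:04:20", "alice", "push_approved"),
    ("2024-01-10T09:30:00", "alice", "device_enrolled"),
    ("2024-01-10T10:00:00", "bob", "push_denied"),      # one mistap, then a normal login
    ("2024-01-10T10:00:30", "bob", "push_approved"),
    ("2024-01-10T10:05:00", "bob", "device_enrolled"),
]

BURST_WINDOW = timedelta(minutes=10)  # how far back rejected pushes count as one burst
BURST_THRESHOLD = 5                   # rejected pushes that make the next approval suspect
ENROLL_WINDOW = timedelta(hours=24)   # enrollment this soon after a flagged approval alerts

def detect(events):
    """Return (user, rule, timestamp) alerts in time order."""
    alerts, rejected, flagged = [], defaultdict(list), {}
    for ts_raw, user, event in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        if event in ("push_denied", "push_timeout"):
            rejected[user].append(ts)
        elif event == "push_approved":
            # Count rejected pushes close enough to this approval to be one burst.
            recent = [t for t in rejected[user] if ts - t <= BURST_WINDOW]
            if len(recent) >= BURST_THRESHOLD:
                alerts.append((user, "approval_after_push_burst", ts_raw))
                flagged[user] = ts
            rejected[user].clear()
        elif event == "device_enrolled":
            # A new MFA device soon after a flagged approval matches step 3.
            since = flagged.get(user)
            if since is not None and ts - since <= ENROLL_WINDOW:
                alerts.append((user, "mfa_enrollment_after_flagged_approval", ts_raw))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Either alert is a reason to contact the user through a separate channel and review the newly enrolled device before it is trusted.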
There isn’t a silver bullet in cyber security. As organizations roll out defenses like MFA, attackers will find ways to bypass them. While this can be frustrating for organizations, it is the reality security professionals live in.
We can either get frustrated by the constant change or choose to adapt and stay alert. It helps to recognize that there is no finish line in cyber security – it is an endless game of survival.