A security incident at Cisco sheds light on how future attacks will unfold.
Here is how it happened:
1. The hacker gained access to a Cisco employee’s personal Gmail account. That Gmail account had saved credentials for the Cisco VPN.
2. The VPN required MFA for authentication. To bypass this, the hacker used a combination of MFA push spamming (sending multiple MFA prompts to the user’s phone) and impersonating Cisco IT support and calling the user.
3. After connecting to the VPN, the hackers enrolled new devices for MFA. This removed the need to spam the user every time and allowed them to log into the network and begin moving laterally.
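As an added example (not from the original post or from Cisco), the sketch below shows detection logic for the pattern in steps 2 and 3: a burst of rejected MFA pushes that ends in an approval, followed by a new MFA device enrollment. The event schema, event names, thresholds and sample log lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

REJECTED = {"push_denied", "push_timeout"}

# Constructed sample events (hypothetical schema): (timestamp, user, event)
EVENTS = [
    ("2030-01-01T02:00:05", "alice", "push_denied"),
    ("2030-01-01T02:01:10", "alice", "push_denied"),
    ("2030-01-01T02:02:30", "alice", "push_timeout"),
    ("2030-01-01T02:03:40", "alice", "push_denied"),
    ("2030-01-01T02:04:15", "alice", "push_approved"),
    ("2030-01-01T02:20:00", "alice", "device_enrolled"),
    ("2030-01-01T09:00:00", "bob", "push_denied"),    # single mistap
    ("2030-01-01T09:00:40", "bob", "push_approved"),
    ("2030-01-01T10:00:00", "carol", "push_approved"),
    ("2030-01-01T10:05:00", "carol", "device_enrolled"),  # routine enrollment
]

def detect_push_fatigue(events, min_rejects=3,
                        burst=timedelta(minutes=10),
                        enroll_window=timedelta(hours=1)):
    """Flag approvals that follow a burst of rejected pushes, and note
    whether an MFA device was enrolled soon after the approval."""
    by_user = {}
    for ts, user, kind in sorted(events):
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), kind))
    alerts = []
    for user, evs in by_user.items():
        for i, (t_ok, kind) in enumerate(evs):
            if kind != "push_approved":
                continue
            # Rejected or ignored prompts in the window before this approval
            rejects = [t for t, k in evs[:i] if k in REJECTED and t_ok - t <= burst]
            if len(rejects) < min_rejects:
                continue
            # New MFA device registered shortly after the suspicious approval
            enrolled = any(k == "device_enrolled" and t - t_ok <= enroll_window
                           for t, k in evs[i + 1:])
            alerts.append({"user": user, "approved_at": t_ok.isoformat(),
                           "rejected_pushes": len(rejects),
                           "device_enrolled_after": enrolled})
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(EVENTS):
        print(alert)
```

An alert with `device_enrolled_after` set is the higher-priority case, since the enrollment gives the intruder access that no longer depends on prompting the user.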
There isn’t a silver bullet in cyber security. As organizations roll out defenses like MFA, attackers will find ways to bypass them. While this can be frustrating for organizations, it is the reality security professionals live in.
We can be frustrated by the constant changes, or we can choose to adapt and stay alert. It helps to recognize that there is no finish line in cybersecurity: it is an endless game of survival.