Hacker breaches Cisco’s MFA messaging provider

Cisco Duo specialists warn that hackers attacked an unnamed telephony service provider and stole VoIP and SMS message logs associated with multi-factor authentication (MFA).

Cisco Duo is a multi-factor authentication and Single Sign-On service that organizations use to provide secure access to internal networks and enterprise applications. According to the official statistics, Duo serves over 100,000 customers, processes over a billion authentication checks monthly, and has over 10,000,000 downloads on Google Play.

In emails sent recently to customers, Cisco Duo developers warned that on April 1, 2024, attackers compromised an unnamed provider that processes SMS and VoIP for the company.

The notice explains that the hackers obtained one employee's credentials through a phishing attack and then used them to gain access to the provider's systems. The attackers then downloaded logs of MFA messages (SMS and VoIP) for the period from March 1, 2024 to March 31, 2024, associated with certain Duo accounts.

According to representatives of the provider, the attackers did not have access to the contents of the messages and did not use their privileges to send new messages to clients.

However, the stolen logs contain data that can be used in spear phishing attacks, for example, to gain access to confidential information and corporate credentials.

The metadata contained in the stolen logs includes:

  • employee phone number;
  • information about the telecom operator;
  • location data;
  • date;
  • time;
  • message type.

After the unnamed affected provider discovered the breach, it revoked the compromised credentials, analyzed transaction logs and notified Cisco representatives about the incident. Some protective measures have also been taken to prevent similar incidents in the future.

It is also reported that the provider has given Cisco Duo specialists all of the message logs, which can be requested via msp@duo.com to better understand the scope of the hack and its consequences and to choose an appropriate protection strategy.

Cisco warns customers affected by this breach to remain vigilant against possible social engineering and SMS phishing attacks, as attackers may attempt to exploit the stolen information.
