Voice phishers strike once more, this time hitting Cisco

Cisco stated that certainly one of its representatives fell sufferer to a voice phishing assault that allowed menace actors to obtain profile data belonging to customers of a third-party buyer relationship administration system.

“Our investigation has decided that the exported knowledge primarily consisted of primary account profile data of people who registered for a person account on Cisco.com,” the corporate disclosed. Info included names, group names, addresses, Cisco assigned person IDs, e mail addresses, telephone numbers, and account-related metadata resembling creation date.

Et tu, Cisco?

Cisco stated that the breach didn’t expose clients’ confidential or proprietary data, password knowledge, or different delicate data. The corporate went on to say that investigators discovered no proof that different CRM situations had been compromised or that any of its services or products had been affected.

Phishing assaults, notably these counting on voice calls, have emerged as a key methodology for ransomware teams and different types of menace actors to breach defenses of among the world’s most fortified organizations. In some instances, the menace actors behind these assaults used a number of types of communication, together with e mail, voice calls, push notifications, and textual content messages. They typically dedicate appreciable analysis to the assaults to make them in line with reliable authentication strategies used internally by the goal. A number of the corporations efficiently compromised in such assaults embrace Microsoft, Okta, Nvidia, Globant, Twilio, and Twitter.