- A scammer fooled a Cisco employee to give access to a CRM
- The attacker then used access to Exfiltrat sensitive data
- Affected customers were notified “where required by the law”
Cisco has recently admitted to having suffered a cyberattack where it saw that it loses a whole lot of customer data, including personally identifiable information (PII).
In a short message published on its website, the company revealed a threat actor who used Voice Phishing (Visening) to fool a Cisco representative and access an instance of a third -party cloud -based customer relationship management (CRM) system it uses.
After intrusion, Cisco launched a study that determined sensitive customer data was extracted.
Passwords are safe
“Our study has decided that the exported data consisted primarily of basic account profile information for persons registered for a user account on Cisco.com (name, organizational name, address, Cisco assigned user ID, e-mail address, telephone number and account-related metadata-such as the creation date),” Cisco said.
“The actor did not obtain any of our organizational customers’ confidential or proprietary information or passwords or other types of sensitive information. Cisco did not identify any influence on our products or services and no other Cisco CRM occurrence was affected.”
Cisco said that affected users were notified “where required by the law” but did not mention whether the data was used in nature. Crooks can either sell it on the dark web, try to squeeze Cisco or use it to target the company’s customers with custom-built, compelling phishing attacks.
Viseing is a form of phishing performed over the phone, and usually turns the criminal convincing victim that they are someone they are not (an IT technician, a bank employee or a government agent).
Knowing that the individuals are or were Cisco customers, threat players can forgery of the company and send e emails that fool the victims to make payments, share login credentials or download malware.
Cisco users must be wary of incoming e emails, especially those who claim to come from the business and carry a sense of urgent character with them.
