On July 24th, Cisco, the major technology conglomerate, was the victim of a data breach that is likely part of an ongoing wave of Salesforce data theft attacks using vishing and social engineering techniques. The extortion group believed to be responsible goes by the name ShinyHunters.
Other brands that have been targeted recently are Adidas, Louis Vuitton, Dior, Tiffany & Co., and Chanel.
Cisco became aware of the incident on July 24th and discovered that the attacker had gained access by tricking an employee, a common tactic. Such attackers are capable of using advanced phishing and vishing (voice phishing) tactics that appear legitimate to the target.
By exploiting the employee with common tactics such as phishing, the attacker gained access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco, which allowed them to steal personal information for user accounts registered at Cisco.com. Stolen information included names, organization names, addresses, Cisco user IDs, email addresses, phone numbers, and account metadata.
Cisco confirmed, however, that the attacker didn’t obtain “organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information.”
“We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks.”
Cisco has not yet disclosed the number of individuals affected by this incident, or whether the attacker requested a ransom in exchange for not leaking the stolen data.
What can you do to protect your company?
If tech giants like Cisco aren’t safe from phishing attacks, what can smaller companies with fewer resources hope to do to protect their customers’ data and, just as importantly, public trust?
No company can guarantee a bullet-proof system, but some can get close. As you’re looking for cyber security solutions, don’t settle for something like Microsoft Defender that comes pre-installed on Windows OS. Instead, look for a comprehensive system that’s going to include a firewall, antivirus and antimalware software, endpoint protection, an email security platform, and training and testing for employees to identify and report phishing attempts.
This is where a Managed Services Provider (MSP) comes in. Most companies don’t have the time or resources to patch together such a solution from various providers across the globe. A Managed Services Provider does the hard work for you and comes alongside your company to prevent incidents like the one that targeted Cisco.
Our Executive Director of New Market Development, Mark Jackson, had this to say about how VIP’s Managed Services work to mitigate the risk and fallout of an attack: “At VIP Technology Solutions Group, we assist organizations in building a comprehensive defense against social engineering attacks through layered security strategies, including email threat detection, endpoint and network protection, and behavioral monitoring. These technologies are designed to work together to help identify and mitigate social engineering threats, like this one, before they get out of control. Just as importantly, VIP emphasizes employee training and awareness—because when a social engineering scam targets your organization, your people are the first and best line of defense. Supported by strong usage policies and our monthly managed services, VIP helps ensure your business is not only protected but prepared.”
For an MSP that puts your business first, contact VIP for more information about how we can safeguard your data.