Multinational company Cisco has become the latest cybercrime casualty after threat actors gained access to its servers via an employee's personal Google account.
While the Silicon Valley company hasn't reported suffering any major consequences from the breach, the cybercriminals — with links to the Lapsus$ and Yanluowang cybergangs — claimed to have retrieved over 3,000 files containing 2.75GB of company data.
Cisco hasn't given in to the extortionists' requests, but with phishing campaigns of this kind growing exponentially, it's clear that companies need to do everything in their power to address employee negligence.
Cisco Suffered a Data Breach in May 2022
Cisco, the San Jose-based technology company, recently confirmed that it fell victim to a cybersecurity attack in May of this year.
The attackers are understood to have links to both the Lapsus$ and Yanluowang ransomware gangs. They were able to dupe a Cisco employee into accepting a multi-factor authentication (MFA) request, which then allowed them to gain access to the virtual private network (VPN) of the targeted user.
From here, the bad actors were able to hijack the employee's personal Google account and access Cisco's login data through the worker's synced browser. After entering the system, they used enumeration tools to collect information before getting kicked out by Cisco's security team.
Cisco and the Hackers Disagree Over Data Loss
According to the company, no sensitive data was taken from the employee's Box folder, and Cisco immediately took action to contain and eradicate the bad actors.
“Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations.” – Cisco spokesperson
However, according to the hackers, Cisco's public statement wasn't entirely true. When reaching out to BleepingComputer, the attackers claimed that over 3,000 files were stolen, including classified engineering drawings and non-disclosure agreements (NDAs). The files supposedly amount to around 2.75GB of stolen data.
The hackers have the evidence to back it up, too. They recently released information about the Cisco breach on their data leak site, and even posted a redacted NDA document as proof of the attack.
How to Prevent Cases of Employee Negligence?
Unfortunately, the surprisingly low cost of phishing campaigns paired with poor cybersecurity awareness provides very lucrative opportunities for cybercriminals. Therefore, attacks of this kind are becoming all too common within the business landscape.
In fact, with over 69% of reported breaches involving data misuse by insiders, employee negligence continues to be the #1 cybersecurity threat to US businesses today. Luckily, companies can adopt a number of methods to minimize risks. Here are just a few:
- Implement a strict password policy – The majority of data breaches result from weak and inadequate passwords. By enforcing a strong password policy for all workers and using tools like password managers, password hacking can be kept to a minimum.
- Make sure workers keep software updated – Outdated software provides hackers with an easy way to exploit vulnerabilities. To prevent this from happening, make sure your workforce regularly updates their antivirus software.
- Train your staff about phishing – Hackers are able to make their phishing traps look pretty convincing. To make sure workers don't fall for fake links, it's important to train them to look out for suspicious requests.