In April Cisco Duo began alerting customers of a Duo service compromise. Dark Reading is reporting the Duo service compromise occurred due to Duo’s third-party telephony provider via a social engineering attack. This third-party provided SMS and VOIP messages to customers during the multifactor authentication process.
What happened
According to Cisco Duo, the threat actor gained access to the third-party provider on April 1, 2024 using employee credentials. These credentials were obtained via a phishing attack. Once inside, the threat actor downloaded SMS messages between March 1, 2024 and March 31, 2024. Cisco Due states, “The message logs did not contain any message content but did contain the phone number, phone carrier, country, and state to which each message was sent, as well as other metadata (e.g., date and time of the message, type of message, etc.).”
What you can do
If you are a Cisco Duo customer, it is advised to stay diligent for forthcoming SMSishing (text based phishing) and vishing (phone call scams) in the coming weeks. It is also recommended to monitor your user accounts and verify if any unauthorized access has occurred. While this is unlikely as user passwords to multifactor authentication enabled accounts were not part of the compromise.
Another day, another
A couple weeks back I wrote on how MFA is not invincible and this is just another example of this. In this case though, the risks of falling victim to unauthorized access to your accounts are slim. You are far more likely to be targeted with social engineering attacks. While this is the case, it is a good idea to contact your mobile phone provider and enable a lock on any changes to your accounts. This can help minimize any attempts of a SIM swap attack.
Despite the Duo service compromise, MFA is still an absolute best practice in protecting your user accounts.
Subscribe to our monthly email newsletter to keep your small business up-to-date on all the latest cybersecurity news! For more information on protecting your small business from cyberattacks and other cybersecurity topics check out Small Business, Big Threat!