September 2, 2024
Threat Level : Medium
Threat: Cisco Duo Telephony Logs Compromised
SUMMARY
On April 1, 2024, a third-party telephony vendor used by Cisco Duo experienced a data breach. The breach exposed message logs transmitted March 1 through March 31 containing phone numbers, carrier information, geographic data, the date, time, and type of message sent. Duo is estimating that 1% (roughly 1,000) of its customers were impacted.
Duo itself was not compromised, and their MFA functionality remains secure.
However, due to the nature of the data exposed in the breach, Duo is expecting an increase in targeted spear phishing or SIM swap attempts. As a result, it’s important to remain vigilant against potential phishing and social engineering attacks.
SEVERITY
5ironCyber considers this a MEDIUM threat.
RECOMMENDATIONS
Here are three key tips to help you protect yourself:
- Be Skeptical of Unsolicited Communication: Don’t click on links or provide personal information in response to any unexpected calls, texts, or emails, even if they mention Duo or our company.
- Verify Sender Identity: Always double-check the sender’s email address or phone number before taking any action. Legitimate messages from Duo or our company will come from official sources.
- Report Suspicious Activity: If you receive a suspicious message claiming to be from Duo or our company, please report it immediately to the IT Security team.
SOURCES
- https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs&elq=bd1c1886a59e40c09915b029a74be94e
- https://www.bleepingcomputer.com/news/security/cisco-duo-warns-third-party-data-breach-exposed-sms-mfa-logs/