Cisco Systems: Security? Well, the Ads Say So
August 12, 2022
I read a mildly amusing article which revealed a flaw in Cisco Systems’ security. The write up was “Cisco Hacked by Yanluowang Ransomware Gang, 2.8GB Allegedly Stolen.”
Why did I chuckle?
I noted these ads in a recent Google search about — you guessed it — network security.
The first ad is for networking solutions and Cisco’s secure firewall. Gander at this:
The second ad popped up when I searched for Cisco and its super expert Talos unit. Talos, an acquisition from Israel, is supposed to be one of the Fancy Dan threat intelligence outfits. The idea you know before there is trouble. Peek at this:
You can download the report from this link.
What did the article report as spot on information? Here’s a passage I noted:
The Yanluowang threat actors gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing credentials synced from their browser. The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations. The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user. Once they gained a foothold on the company’s corporate network, Yanluowang operators spread laterally to Citrix servers and domain controllers.
Several observations:
- Cisco identified the bad actors as a group which sure seems to be from a specific country. Russia? No, that nation state has demonstrated that some of its tactical expertise falls short of a high water mark probably captured in a PowerPoint deck. Tanks? Remember?
- The security breach was something the vaunted Cisco security systems could not handle. An insider. Interesting because if this is indeed accurate, no organization can protect itself from an insider who is intentionally or unintentionally compromised. Is this useful information for a bad actor?
- If the Cisco security systems and its flow of threat intelligence were working, why is the company after the fact able to enhance or improve its own security. Wasn’t there a fairy tale about shoemaker’s children not having a snappy new paid of collectible shoes?
Net net: The buzz about a group of companies banding together to share security related information is interesting. What this story about the Cisco breach tells me is that teaming up is a way of circling the wagons. Maybe PowerPoints and ads not completely accurate? Nah, impossible.
Stephen E Arnold, August 12, 2022