Cisco Duo Breach Notification

Individual Attacks

April 18, 2024

An undisclosed third-party provider that handles telephony for Cisco’s Duo multi-factor authentication (MFA) service recently suffered a social engineering cyberattack. As a result, Cisco Duo customers have been warned to be on alert for follow-on phishing schemes. The customers were sent a notice explaining that the company that handles SMS and VoIP MFA messaging traffic for Cisco Duo was breached on April 1. The threat actors reportedly used compromised employee credentials to access the service provider’s systems. Once inside, the unauthorized user downloaded SMS logs for specific users between March 1 and 31. The advisory stated that while the message logs did not contain message content, they did include metadata such as phone numbers, carriers, countries, and states of the recipients. Companies must understand their dependence on third-party identity security firms and how an attack on those firms could affect them, and they must implement proper measures to detect and respond to security incidents that involve their identity security providers.

For any further questions, contact us here at Cyber Command.