Network breach confirmed by Cisco

You may have read in the news that a ransomware attack on Cisco has been confirmed.

Following an investigation, it was found that a Cisco employee’s credentials were compromised. An attacker had gained control over a personal Google account, where the employee had saved their work credentials and they were accessed and used by the cyber criminal.*

Over the past year we have spoken about the importance of not allowing users to login to personal Googlemail/Gmail accounts on corporate devices.

Some of the feedback we have had from clients is “how can I store my work passwords if I don’t do this” etc.

The answer has been staring us in the face since 2018.

In 2018 Microsoft redeveloped Edge to be Chromium based (essentially built on the platform that Chrome is based).

The two key benefits of using Edge over Chrome are updates and password storage (there are more but these are the two which we come across as issues most with Chrome users).

During many audits for Cyber Essentials, PCI DSS or Cyber Security Reviews, one of the common fails and opportunities for improvement is around users storing corporate passwords in Chrome and running outdated versions due to a lack of shutting down PCs/laptops.

We believe this is mainly due to the new flexible working practices and people just leaving laptops on standby.

A move to Edge eliminates the vast majority of these fails and in this case the incident would’ve been prevented.

Another factor is EDR and next generation Antivirus.

Cisco have their own ransomware protection tool which should have protected or alerted on the IOC (indicators of compromise). Ensuring you’re not just reliant on standard AV (Antivirus) is the key to preventing the spread of ransomware if your users do fall for this type of attack.

What can you do to help prevent this type of attack happening to your organisation:

• Remove the opportunity for users to save work passwords in personal accounts.
• Train your users on the type of attacks.
• Have a solution to block the spread in case the above fails.

Remember you are only as strong as your weakest user!

Get in touch with us to discuss how you can help to prevent similar incidents occurring in your business.

*Further information on the incident is below.
Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Network breach confirmed by Cisco

Get in Touch

Contact

Headquarters

Explore