Network breach confirmed by Cisco

Published on: 12th August 2022
You may have read in the news that a ransomware attack on Cisco has been confirmed.

Following an investigation, it was found that a Cisco employee’s credentials were compromised. An attacker had gained control of a personal Google account in which the employee had saved their work credentials; the cyber criminal then accessed and used them.*

Over the past year we have spoken about the importance of not allowing users to log in to personal Googlemail/Gmail accounts on corporate devices.

Some of the feedback we have had from clients is along the lines of “How can I store my work passwords if I don’t do this?”

The answer has been staring us in the face since 2018.

In 2018 Microsoft redeveloped Edge to be Chromium-based (essentially built on the same platform that Chrome is based on).

The two key benefits of using Edge over Chrome are updates and password storage (there are more, but these are the two we most often come across as issues with Chrome users).

During many audits for Cyber Essentials, PCI DSS or Cyber Security Reviews, one of the common fails and opportunities for improvement concerns users storing corporate passwords in Chrome and running outdated versions because PCs/laptops are not shut down.

We believe this is mainly due to the new flexible working practices and people just leaving laptops on standby.

A move to Edge eliminates the vast majority of these fails and in this case the incident would’ve been prevented.

Another factor is EDR and next generation Antivirus.

Cisco have their own ransomware protection tool, which should have protected against or alerted on the IOCs (indicators of compromise). Not relying solely on standard AV (antivirus) is the key to preventing the spread of ransomware if your users do fall for this type of attack.

What can you do to help prevent this type of attack happening to your organisation:

• Remove the opportunity for users to save work passwords in personal accounts.
• Train your users on the type of attacks.
• Have a solution to block the spread in case the above fails.

Remember you are only as strong as your weakest user!

Get in touch with us to discuss how you can help to prevent similar incidents occurring in your business.

*Further information on the incident is below.
Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
