back to article Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack

Cisco is fighting fires on a couple cybersecurity fronts this week involving its Duo multi-factor authentication (MFA) service and its remote-access VPN services. Cisco has alerted customers that one of its Duo telephony partners fell victim to a phishing attack on April 1, during which crooks stole an employee's credentials …

  1. Dimmer Silver badge

    Single sign on


    Please fight against the lazy users that want you to use AD as your source for sign on.

    They will whine to their boss about having a different password for the vpn and desktop but it will be your butt not the boss’s when your VPN access is sold because bad guys own your AD.

    As far as dual factor, please refer to the Reg article about Duo

    Monitor your vpn login. It pays.

  2. An_Old_Dog Silver badge

    How Do They *KNOW*?

    .... that no customers' personel info was exfiltrated by computer invaders in these sorts of situations? Log files don't necessarily tell the whole story. If the victims' DNS is compromised, computers on that network can be tricked into sending log events to a random, unconnected IP address instead of the actual logging server

    1. Claptrap314 Silver badge

      Re: How Do They *KNOW*?

      A good DLP tool will catch that. A good firewall might prevent it.

    2. Dimmer Silver badge

      Re: How Do They *KNOW*?

      Excellent point.

      I use the ip address of the server instead of the DNS when I can just for that reason

      I agree that logs don’t prevent hacks, they do let you know that your are being attacked and more importantly it gives you the ammunition against the bean counters when you do spend the money on something that will stop it.

      If you monitor the bandwidth (and there are free solutions, but requires hours to implement and maintain) on each port, you can trace where the data is unusual. Some firewalls will even give you numbers by device.

      As a reference, it takes about 1Tb of storage for 6 months of performance logs per 2k points. Use SSD or it will never keep up.

    3. OhForF' Silver badge

      Re: How Do They *KNOW*?

      >The stolen logs did not contain any message content, but reportedly did include phone numbers<

      As phone numbers are personal information they acknowledged that personal info was exfiltrated.

  3. PlatosManCave

    Fire in the Cisco!

    Fire in the Taco Bell!!

    Don't you wanna know how we keep starting fires?

    It's my desire... to say "whatever" to simple security practices....


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like