Cisco admits corporate network compromised by gang with links to Lapsus$ Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work. The world's largest networking vendor disclosed the months-old compromise after a list of files …
Somebody clicked on a stupid attachment, and miscreants walked all over Cisco's IT.
I would say kudos to Cisco's security team for at least detecting them, but unfortunately they still got off with data.
Ideally, they should have been blocked before that.
Now the question is : why on God's Green Earth didn't they deploy an encryption tool ?
Did they save that for next time ?
"The attacker "then escalated to administrative privileges, allowing them to login to multiple systems" "
Cisco should definitely demand that their hardware vendor fix their broken and obviously insufficient device security. Oh, wait...
You'd think that Cisco, being Cisco, would be running all the newest high-end IDS/IPS wiz-bang stuff and would have seen this coming from a mile away and dealt with it before it got anywhere or could send any data out. I mean, hell, if Cisco can't even keep control of the networks that they themselves design and build, what hope do any of the rest of us mere mortals have?
Link: https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden
Golden Rule: There are NO good guys!!
So Cisco and their friends in Fort Meade get some of the crap which they have dished out to millions of others in the last twenty years.
Do they like it? Looks like they think "It's OK for us (good guys) to dish out this crap.......but please be sympathetic when WE get the same treatment!".
Sorry....no sympathy here!!
Please....someone.....just close down Fort Meade and Cheltenham!!!
It's fun because it's Cisco but it points out that many of the ransomware stories we see are the result of a clueless employee letting the bad guys in.
It's easy for a gang to fake it til they make it until they find that clueless employee and then they have a hole they can exploit.
Cisco responded much quicker than most companies do (or could do). But as for their "nothing to see here" statements, they are Cisco and I doubt we'll ever get the full story.
Cisco responded much quicker than most companies do
Most other companies have a (small) team but Cisco, however, has a large army of security specialist plus other subsidiaries, like TALOS.
And the intruders were not prepared. They got in and move laterally exfiltrated a few GB worth of data. They did not lock up any files nor destroyed any. Yup, the intruders were ill-prepared.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
