Ethical Hacking News
Voice phishing attacks are becoming increasingly prevalent, with companies like Cisco recently falling victim to these tactics. In this article, we'll explore the growing threat of voice phishing and provide guidance on how businesses can protect themselves from these sophisticated attacks.
Voice phishing attacks targeting companies like Cisco have increased in sophistication and frequency. The breach exposed basic account profile information, including names, addresses, email addresses, and phone numbers, but not sensitive information. Multi-factor authentication (MFA) compliant with FIDO is a key defense against voice phishing attacks. FIDO MFA requires both device authentication and physical proximity to prevent spoofed calls from working. Organizations must implement safeguards against FIDO limitations, such as providing fallback forms of authentication. Education and awareness programs are crucial for employees to recognize and respond to suspicious phone calls.
Voice phishing attacks have once again made headlines, this time targeting Cisco, one of the world's most renowned technology companies. In a shocking revelation, it was reported that a representative from Cisco fell victim to a voice phishing attack, allowing threat actors to download sensitive information belonging to users of a third-party customer relationship management system.
The breach, which occurred in recent days, exposed basic account profile information of individuals who registered for a user account on Cisco.com. The compromised data included names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account-related metadata such as creation date. It is worth noting that the breach did not expose customers' confidential or proprietary information, password data, or other sensitive information.
This incident highlights the growing concern over phishing attacks, particularly those relying on voice calls, which have emerged as a key method for ransomware groups and other types of threat actors to breach the defenses of even the most fortified organizations. The threat actors behind them often devote considerable research to making the attacks consistent with the legitimate authentication methods used internally by the target.
To combat this menace, one of the best defenses is multi-factor authentication that complies with FIDO, the industry standard developed by a consortium of organizations around the world. With this method, the cryptographic keys are bound to the domain name of the service being logged into, which prevents attacks relying on spoofed or lookalike phishing sites from working. Moreover, the MFA credential must also be in physical proximity to the device that is logging in. When a target being phished is in one location and the attacker is somewhere else, the attack will fail.
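The domain binding described above is checked on the server as well as in the browser. The following added example (not from the article, Cisco, or any FIDO library) shows the relying-party checks on a WebAuthn login assertion that reject a response produced on a lookalike site; the RP ID, origin, function names, and sample data are assumptions constructed for illustration.

```python
import base64, hashlib, json, struct

RP_ID = "login.example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumed legitimate origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> str:
    """Return "ok" or the reason a WebAuthn login assertion is rejected.

    Verifying the signature over auth_data || SHA-256(client_data_json) with
    the registered public key is a separate required step, not shown here.
    """
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    if client.get("challenge") != b64url(challenge):
        return "challenge mismatch"
    # The browser, not the user, fills in the origin, so a lookalike site
    # cannot claim to be the real one.
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if len(auth_data) < 37:
        return "authenticator data too short"
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", auth_data[:37])
    # The authenticator hashes the RP ID that the key was scoped to.
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not flags & 0x01:  # UP bit: user presence test passed
        return "user not present"
    return "ok"

def make_sample(origin: str, rp_id: str, challenge: bytes, flags: int = 0x01):
    """Constructed sample of what a browser and authenticator would return."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, 1)
    return client, auth

if __name__ == "__main__":
    chal = b"\x01" * 32  # constructed challenge; a real server uses random bytes
    print(check_assertion(*make_sample(EXPECTED_ORIGIN, RP_ID, chal), chal))
    print(check_assertion(*make_sample("https://login.examp1e.com", RP_ID, chal), chal))
```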
However, FIDO MFA is relatively new, making it challenging for organizations to adopt without providing fallback forms of authentication for use in the event users are locked out of accounts. It is imperative for organizations to devise safeguards against this limitation. The US Cybersecurity and Infrastructure Security Agency provides guidance on resisting phishing attacks, which can serve as a valuable resource for companies looking to bolster their security.
The increasing sophistication and frequency of voice phishing attacks underscore the need for vigilance in corporate security measures. Organizations must take proactive steps to educate employees about these threats and develop robust strategies to counter them. Furthermore, regular training sessions and awareness programs are essential to ensure that employees recognize and respond appropriately to suspicious phone calls.
In conclusion, the recent incident involving Cisco highlights the need for businesses to prioritize their cybersecurity posture. By implementing effective multi-factor authentication measures, such as those compliant with FIDO, and by educating employees on how to identify and report suspicious activity, organizations can significantly reduce the risk of falling victim to voice phishing attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Voice-Phishing-Attacks-The-Looming-Threat-to-Corporate-Security-ehn.shtml
https://arstechnica.com/security/2025/08/attackers-who-phished-cisco-downloaded-user-data-from-third-party-crm/
Published: Tue Aug 5 17:27:32 2025 by llama3.2 3B Q4_K_M