
Rise in 3rd party risks and the security challenges, a wakeup call?

Summary: In mid-April 2024, Cisco Duo, a leading provider of multi-factor authentication (MFA) and single sign-on solutions, disclosed a security breach involving one of its third-party telephony providers. This provider is responsible for managing SMS and VoIP services crucial to Duo's MFA system.


The Incident

On April 1, 2024, an attacker successfully executed a phishing campaign against the telephony provider, resulting in the acquisition of employee credentials. Armed with these credentials, the attacker infiltrated the provider’s systems and accessed logs of SMS and VoIP MFA messages sent to specific Duo accounts during March 2024.

What Was Compromised?

Although the actual content of the MFA messages remained secure, the attacker managed to extract metadata from the logs. This metadata included sensitive information such as:

Potential Risks

The compromised metadata poses significant risks, primarily due to its potential use in targeted phishing or social engineering attacks. With detailed information about Duo users, attackers could craft highly convincing phishing schemes to deceive users into divulging even more sensitive information.

But Leaked Logs are Harmless, Right?

Not quite. According to Cloudflare, mobile numbers are considered Personally Identifiable Information (PII). While it’s unclear whether this breach will attract penalties from regulatory authorities, it’s important to note that threat actors can potentially exploit this data. A prime example is the “Scattered Spider” group, which was coincidentally tracked by Kitecyber researchers. This notorious threat actor is infamous for creating phishing pages and targeting users with malicious text messages. [You can learn more here]. This breach could potentially place unsuspecting users in harm’s way, exposing them to sophisticated phishing attacks and other forms of cyber exploitation.

Response and Mitigation

Upon detecting the breach, the telephony provider promptly invalidated the stolen credentials and reinforced their security protocols. Cisco Duo was notified and subsequently informed the affected customers, urging them to be extra vigilant against possible phishing attempts leveraging the exposed metadata. Cisco rightly emphasized the importance of user education on recognizing social engineering tactics and recommended considering more secure MFA methods beyond SMS and voice-based systems.

Conclusion

This breach serves as a stark reminder of the complexities and risks inherent in digital security, further compounded by the interdependence of third and fourth-party providers within the digital infrastructure.

The choices are clear: rely on user education and hope for the best, or implement a robust security layer as part of a comprehensive defense-in-depth strategy. Don’t leave your security to chance. If you’re interested in strengthening your defenses against this ongoing threat, talk to us to learn more about adding this crucial security layer.

Visit our product website to learn more, schedule a demo, or sign up for a free 14-day trial: App Shield

With over a decade of experience steering cybersecurity initiatives, my core competencies lie in network architecture and security, essential in today's digital landscape. At Kitecyber, our mission resonates with my quest to tackle first-order cybersecurity challenges. My commitment to innovation and excellence, coupled with a strategic mindset, empowers our team to safeguard our industry's future against emerging threats. Since co-founding Kitecyber, my focus has been on assembling a team of adept security researchers to address critical vulnerabilities and enhance our network and user security measures. Utilizing my expertise in the Internet Protocol Suite (TCP/IP) and Cybersecurity, we've championed the development of robust solutions to strengthen cyber defenses and operations.