Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack

Cisco is fighting fires on a couple cybersecurity fronts this week involving its Duo multi-factor authentication (MFA) service and its remote-access VPN services.

Cisco has alerted customers that one of its Duo telephony partners fell victim to a phishing attack on April 1, during which crooks stole an employee's credentials and used them to access message logs associated with Duo accounts.

"More specifically, the threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024," according to Cisco’s notification.

According to a statement from Cisco:

Cisco is aware of an incident involving a single telephony supplier that sends Duo multifactor authentication (MFA) messages via SMS and VOIP to recipients based in North America. Cisco is actively working with the supplier to investigate and address the incident. Based on information received from the supplier ...