Cisco reveals it was hacked by Yanluowang Ransomware Gang

Ana sayfa / Security

Cisco, one of the first companies that comes to mind when networking is mentioned, was hacked. The California company released a statement confirming that it was hacked by the Yanluowang Ransomware Gang. Cisco shared the information that the cyber attack was carried out on May 24, 2022.

Yanluowang Ransomware Gang infiltrates Cisco employee accounts

Cisco announced that the Yanluowang Ransomware Gang carried out the cyber attack by infiltrating the VPN accounts of Cisco employees. Cyber ​​attackers accessing the VPN reached the Google accounts of Cisco employees with this method. Google’s password saving feature can cause such security vulnerabilities.

Google is used in many corporate companies, just like in our homes. But in corporate companies, Google’s corporate solution is used in G-Suite. Therefore, although Cisco was affected by this cyber attack, Google should also learn from it.

There are many features that Google offers to its users. For corporate or personal use. For example, Google Drive is a storage service from Google. Most enterprise customers store their files in Google Drive, as physical disks can be damaged. This gives them access to their files from anywhere. However, this feature seems to have turned into a disadvantage in Cisco’s emerging cybersecurity attack.

MFA fatigue or prompt bombing cyber attacks is a method heavily used by attackers. In addition with this method, the authentication application or controls of the target user are dropped. In this way, the attacker gains unauthorized access to the account.

After the attackers accessed Cisco systems, they were able to move files using RDP (Remote Desktop Protocol) and Citrix. Other than that, it was stated by Cisco Talos that no ransomware was used. This means that this attack was not primarily done for petty commercial profit. In this context, we can say that the attack aims to stay in the system for a long time and steal information.

Do you think this cyber attack on Cisco is just their security weakness also is it also a security vulnerability for Google that Google cannot protect user information after accessing the VPN? Please share with us in the comments.