Multiple sources have reported the breach of Cisco’s own network, purportedly via a Cisco employee’s personal Google account. According to these reports, the employee in question was saving and syncing both personal and Cisco business credentials to the Google Chrome browser for ease of access. Once the employee’s personal Google account was compromised, the bad guys accessed the Chrome password history, harvested the Cisco business credentials, and were off to the races.
This situation further reinforces the need for better, more frequent end-user awareness education and for monitoring of employees to ensure bad practices are not in play. At the end of the day, we are all human and we will all make mistakes. We can only get better if we train more, talk more, and monitor effectively.
The following article from Threatpost is a great overview of the situation and provides an interesting recap of how the bad guys overcame the Cisco VPN MFA controls. Enjoy the read and beware of these threats! TRAIN YOUR PEOPLE!!