
Was Cisco Just Hit By Ransomware? What Happened And What To Do


Cisco Breach — What Happened?

The reported Cisco breach came to light when ransomware outfit Kraken appeared to have published the leaked data on its dark web blog, according to the Cybersecurity News site. The adversaries also apparently left a threatening message on the site, indicating they had long-term access to Cisco’s network, according to the report.

Cisco’s Response

Cisco has not actually been breached by the ransomware gang — the leak is the result of an old incident that took place in 2022.

“Cisco is aware of certain reports regarding a security incident,” a spokesperson for the firm told me over email. “The incident referenced in the reports occurred back in May 2022, and we fully addressed it at that time. Based on our investigation, there was no impact to our customers.”

“More details about the incident and how we addressed it can be found in this blog post that Cisco Talos, our threat intelligence organization, published in August 2022,” the Cisco spokesperson added.

Cisco Data Leaked

The data apparently leaked by the ransomware gang is pretty sensitive, including usernames, security identifiers, and NTLM password hashes. It appeared to have been extracted from Cisco’s Windows Active Directory environment.

What Could Happen?

This sort of data could allow cybercriminals to do “a number of potentially damaging things,” says Jamie Akhtar, CEO and co-founder of CyberSmart. For example, the domain controller credentials could allow hackers to escalate privileges within Cisco’s network, access and steal sensitive data, launch brute-force attacks, deploy malware, or set up further phishing scams.

What to Do

So this data is not from a new breach, but it highlights the need to deploy strong cybersecurity measures to counter credential-based cyberattacks, says Akhtar.

He recommends regularly changing passwords, using MFA, monitoring data logs, and tightly controlling who has access to what.

While Cisco has not just been breached by ransomware operators, it’s also a good idea to make yourself as robust as possible in the face of data-locking malware. Ensure you have decent backups and that basic cybersecurity measures are in place.

Conclusion

The reported Cisco breach is actually an old incident that occurred in 2022. The data leaked by the ransomware gang is not new, but it highlights the importance of deploying strong cybersecurity measures to counter credential-based cyberattacks.

FAQs

Q: What happened in the reported Cisco breach?
A: The reported Cisco breach is actually an old incident that occurred in 2022, and the data leaked by the ransomware gang is not new.

Q: What kind of data was leaked?
A: The data apparently leaked by the ransomware gang includes usernames, security identifiers, and NTLM password hashes extracted from Cisco’s Windows Active Directory environment.

Q: What are the potential consequences of the leaked data?
A: The leaked data could allow cybercriminals to do “a number of potentially damaging things,” such as escalating privileges, accessing and stealing sensitive data, launching brute-force attacks, deploying malware, or setting up further phishing scams.

Q: What should I do to protect myself from data-locking malware?
A: Ensure you have decent backups and that basic cybersecurity measures are in place. Regularly change your passwords, use MFA, monitor data logs, and tightly control who has access to what.
