Many lead stories are cataloging the cyber-attacks as an emerging “catastrophe” faced by every organization. The expanding online devices on a network are an alarming threat to the cybersecurity front of many organizations. As the universe of potential cyber-attack vectors dilates, organizations ought to build mechanisms to guard against these attacks. Unfortunately, most organizations are heedless that they will ever be a victim of cyber-criminals, hence, becoming a victim of such attacks.
A report published by dark reading highlights the high profile yanluowang ransomware gang attack which targeted the multinational technology conglomerate Cisco. Cisco acknowledged that the gang was able to gain access by using voice phishing and tricking an employee into accepting the multifactor authentication push notification. Cisco confirmed that the initial unauthorized access vector was through the successful phishing of an employee’s personal Google account that contained passwords synced with the web browser, which ultimately led to the compromise of employees credentials access to the Cisco VPN. As per the statistics promulgated by Parachute ransomware attacks accounted for 27% of the data breaches in 2021.The cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10. Cisco disclosed that the exfiltrated information, only included the contents of a Box cloud storage folder that was associated with the compromised employee’s account and is not believed to have included any valuable data. Cisco claims that the threat actor did install a number of offensive tools and payload to a variety of systems on Cisco’s network but there was no evidence found of ransomware payloads deployment during the attack. Cisco initiated a company-wide password reset post the breach and made detailed disclosures regarding the technicalities of the hack.
The volume of these cyber-attacks undrapes the paradox of the digital economy and cybersecurity. While technological advancements steered the world towards convenience, efficiency and wealth creation at the same time this outstanding push to digitize society has constructed inherent vulnerability into the core of the economic model. This is all taking place atop a deeply fragmented and underdeveloped system of cybersecurity resulting in exploitation of organizations.