Notable Data Breaches for QuestionPro and Cisco in August
Data breaches happen more often than we'd like to think, and they often happen to major companies that hold the data for thousands, if not millions, of customers. Sometimes these breaches are used as a test for hackers trying to prove themselves while many use ransomware and malicious viruses to hold a company hostage through fear of releasing sensitive data.
In this article, we'll go over some recent hacks and what they could mean for you as well as how to protect yourself from these types of cyber attacks.
QuestionPro
QuestionPro is an online service that helps companies develop market research through the use of surveys that they create and put out for businesses.
Earlier this year, they were targeted by an extortion attempt relating to an alleged data breach. More than 100GB of data containing 22 million unique email addresses as well as survey results and IP addresses are said to have been extracted from the service. Because QuestionPro would not confirm whether a breach had occurred (although they did confirm they were the target of an extortion attempt), the data was initially marked as "unverified." Subsequent verification by Have I Been Pwned, a data breach notification service, led to the removal of the unverified label.
While the authenticity of the data is still up for debate, the inclusion of hundreds of thousands of entries using @questionpro.com email addresses implies that the data is most likely connected to the service. What is confirmed is that QuestionPro was the victim of an extortion attempt.
What this means for you
If you have used QuestionPro, your data may have been breached by a hacker or group of hackers. If you are worried about your data, contact QuestionPro and your own IT department to see if your cybersecurity network is at risk. Likewise, make sure your team is on the lookout for phishing emails related to QuestionPro and any other entity that may be attempting to impersonate them. Preparing your team to be on the lookout for phishing emails should be a normal part of security training, but this should take higher priority after any kind of data breach like this.
Cisco
Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational technology conglomerate headquartered in San Jose, California that delivers software-defined networking, cloud, and security solutions to help businesses.
According to Cisco, the Yanluowang ransomware group breached its corporate network in late May, and the actor threatened to release stolen data online as part of an extortion attempt. The attackers were only able to collect and steal non-sensitive data from a Box folder linked to a hacked employee's account, according to the firm.
After taking over an employee's personal Google account, which contained credentials synced from their browser, the Yanluowang threat actors were able to access Cisco's network by using the stolen credentials. The Yanluowang gang impersonated trusted support organizations and carried out a series of sophisticated voice phishing assaults to trick the Cisco employee into accepting multi-factor authentication (MFA) push notifications.
MFA fatigue is a form of annoyance attack in which threat actors send a steady stream of multi-factor authentication requests to irritate the target in the hope that they will eventually accept one just to make the requests stop. Trying to get people to use emotions rather than logic when responding to emails is a tried and true method for many cyber criminals.
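The pattern described above (a run of unanswered or denied push requests that ends in an approval) can be detected in authentication logs. The following is an added example, not code from this article or from Cisco; the log format, field names, window and threshold are hypothetical and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format (not from a real product).
SAMPLE_LOG = """\
2024-01-15T02:10:05Z user=jdoe event=mfa_push result=denied
2024-01-15T02:10:40Z user=jdoe event=mfa_push result=timeout
2024-01-15T02:11:15Z user=jdoe event=mfa_push result=denied
2024-01-15T02:12:02Z user=jdoe event=mfa_push result=denied
2024-01-15T02:12:30Z user=asmith event=mfa_push result=approved
2024-01-15T02:13:10Z user=jdoe event=mfa_push result=timeout
2024-01-15T02:14:45Z user=jdoe event=mfa_push result=approved
2024-01-15T09:00:00Z user=blee event=mfa_push result=denied
2024-01-15T09:00:30Z user=blee event=mfa_push result=approved
"""

def parse_line(line):
    """Return (timestamp, user, result) for an mfa_push line, else None."""
    parts = line.split()
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(p.split("=", 1) for p in parts[1:])
        if fields["event"] != "mfa_push":
            return None
        return ts, fields["user"], fields["result"]
    except (IndexError, KeyError, ValueError):
        return None  # malformed or unrelated line

def find_push_fatigue(log_text, window=timedelta(minutes=10), threshold=4):
    """Flag approvals preceded by >= threshold unapproved pushes within window."""
    recent = defaultdict(deque)  # user -> timestamps of denied/timed-out pushes
    alerts = []
    events = sorted(filter(None, map(parse_line, log_text.splitlines())))
    for ts, user, result in events:
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()          # drop pushes that fell out of the window
        if result == "approved":
            if len(q) >= threshold:
                alerts.append((user, ts.isoformat(), len(q)))
            q.clear()            # an approval ends the current burst
        else:
            q.append(ts)
    return alerts

if __name__ == "__main__":
    for user, when, count in find_push_fatigue(SAMPLE_LOG):
        print(f"ALERT {user}: approval at {when} after {count} unapproved pushes")
```

A single denied push followed by an approval, as for the constructed user blee, is ordinary user error and stays below the threshold.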
Finally, the attackers tricked the victim into accepting one of the MFA alerts, giving the attackers VPN access in the context of the targeted user. Yanluowang operators quickly spread laterally to Citrix servers and domain controllers once they gained access to the company's corporate network. In order to steal sensitive information, the hackers used various enumeration techniques to gather more data before installing a series of payloads on hacked machines, including backdoor malware.
Luckily, Cisco was able to identify and boot the attackers from the network and kept them at bay through numerous attempts to get back in.
While there was no evidence of ransomware deployment in this attack, the TTPs used were consistent with 'pre-ransomware activity,' activity commonly observed leading up to the deployment of ransomware in victim environments.
What this means for you
According to Louise Ferrett, a threat intelligence analyst at Searchlight Security, much of the information that was accessed is not of great importance or sensitivity. However, this type of attack can be used by hackers as a test run to prove their worth in order to gain more resources and connections. Therefore, it is important to always be on alert for data breaches and ransomware attempts.
Since the attack, Cisco has gone through a company-wide password reset and was very open about the incident. Much like many other hacks, this should be an important reminder to practice the best password policies, such as using a secure password manager, using difficult-to-guess passphrases, and using the right MFA for your business needs. On top of that, training your team in the best cybersecurity practices will help them be less likely to open the door for hackers to break through.
We’ve seen a number of high-profile cyberattacks in the past few months, with major companies like QuestionPro and Cisco recently falling victim to data breaches. In light of these events, it’s important for businesses to take steps to protect themselves from cybercrime. Fortunately, there are many measures that can be taken to improve cybersecurity posture. We've listed numerous examples throughout this article, but businesses should tailor their approach to cyber security based on their specific needs and risk profile. By taking these precautions, companies can help reduce the chances of becoming the next victim of a data breach.
Ozark Technology is a Business Technology Provider that helps organizations across the country rethink the value technology brings to their business.