Google and Cisco Report CRM Software Breaches Caused by Vishing Attacks

In an alarming trend, technology giants Google and Cisco disclosed separate incidents of data breaches stemming from voice phishing, commonly known as vishing. Both attacks exploited social engineering tactics to target employees, resulting in unauthorized access to customer data stored in cloud-based Customer Relationship Management (CRM) systems.

These breach notifications coincide with a growing wave of vishing incidents, frequently linked to the ShinyHunters group, notorious for their extortive practices. Google reported that a successful attack took place in June, affecting its Salesforce CRM instance. According to the company, the accessed data comprised basic business information, including contact details for small and medium enterprises, retrieved in a brief window before access was terminated.

Similarly, Cisco detailed its own vishing incident, confirmed on July 24. The attacker managed to export customer data from Cisco’s cloud-based CRM system. Following the breach, Cisco promptly revoked the attacker’s access and initiated an internal investigation. Preliminary findings indicated that the exposed data primarily consisted of account profile information, yet no sensitive or proprietary details were disclosed.

Both companies are cooperating with law enforcement and data protection authorities to address these breaches and inform affected individuals. Specific details regarding the number of impacted customers or any possible ransom demands remain undisclosed. Cisco has publicly acknowledged its commitment to enhancing defenses against vishing attacks, emphasizing that each cybersecurity incident presents an opportunity for growth and resilience.

The rise of voice phishing calls has been particularly concerning for organizations with cloud-based systems, as attackers employ tactics that can include social engineering targeted at IT support desks, seeking unauthorized access to sensitive account permissions. Notably, Google’s disclosures revealed that the attackers used end-user credentials obtained through prior vishing attempts to navigate through victim networks and access data on platforms such as Okta and Microsoft 365.

Both Google and Cisco’s experiences highlight a troubling trend where attackers not only focus on immediate data theft but may also seek to extort victims at a later date, indicating a sophisticated understanding of ransomware tactics. The MITRE ATT&CK framework identifies several relevant tactics in these scenarios, including Initial Access—via social engineering techniques like vishing—along with Privilege Escalation, where attackers obtain higher access permissions to exploit the network further.

Recent breaches involving ShinyHunters impacting major retailers and institutions, including Adidas, Victoria’s Secret, and various luxury brands, reveal the breadth of vulnerability across sectors. In a related incident, Danish jewelry company Pandora reported unauthorized access to customer information via a third-party platform, underscoring risks associated with supply chain vulnerabilities.

This evolving landscape necessitates urgent action from businesses to fortify their cybersecurity measures and actively educate employees about the signs of vishing attempts. As cyber threats continue to evolve, adopting a proactive approach towards cybersecurity can help mitigate risks and protect valuable customer data.