Threat Watch

Former Cisco Engineer Nukes 16K WebEx Accounts and 456 VMs

A former Cisco employee has pled guilty to accessing Cisco’s cloud infrastructure in 2018, five months after resigning from the company. The former employee deployed code that ultimately shut down more than 16,000 WebEx Teams’ accounts and deleted 465 virtual machines. According to the plea deal, the former employee accessed the systems five months after his resignation. This incident, which lasted approximately two weeks, cost Cisco over $2.4 million dollars in customer refunds and employee time to restore the services. A statement from Cisco said, “Cisco addressed the issue in September 2018 as quickly as possible, ensured no customer information was lost or compromised and implemented additional safeguards.” Cisco also stated that they have implemented processes to prevent future occurrences. Currently, the former employee was released on bail set at $50,000 after being charged. If he is found guilty, he faces a maximum statutory sentence of five years in jail and a $250,000 fine. He is also currently in the U.S. on an H1 visa and if found guilty, could face possible deportation.


ANALYST NOTES

Employers can mitigate these situations by adopting an employee exit policy that standardizes the procedure to follow when an employee leaves the organization. A few items to include in an exit policy would be to disable all access codes or credentials from the employer’s systems. All company property, especially computer systems and intellectual property, should be inventoried and verified that it has been returned. Nondisclosure agreements (NDA’s) should also be in place to assist the employer in making sure sensitive information is not leaked, and if it is, have recourse against disgruntled former employees.

Source article: https://www.bleepingcomputer.com/news/security/cisco-engineer-resigns-then-nukes-16k-webex-accounts-456-vms/