I think this highlights the need to rotate keys more frequently. Basically, the crackers broke into a corporate Exchange server and stole the Duo "secret" key. With this key they could sign any future log-in attempts and prevent Duo from issuing an MFA request.
So, they just sat on the key until they needed access to someone's account. Changing that key every 'N' days would reduce the attackers' opportunities severely. Then again, changing keys all the time also has its downsides.