Security News > 2023 > August > Hacking campaign bruteforces Cisco VPNs to breach networks
Hackers are targeting Cisco Adaptive Security Appliance SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication.
Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access.
They also said that they're yet to detect any instances where the threat actors behind these attacks have circumvented properly configured MFA to breach Cisco VPNs. This confirms an advisory from Cisco's Product Security Incident Response Team published two days after BleepingComputer's report regarding attackers using automated tools to target Cisco VPNs in brute-force and password-spraying attacks.
"In the reported attack scenarios, the logging was not configured in the affected Cisco's ASAs. This has made it challenging to determine precisely how the Akira ransomware attackers were able to access the VPNs," Cisco PSIRT Principal Engineer Omar Santos said.
Rapid7 also revealed that at least 11 customers were breached in Cisco ASA-related attacks between March 30 and August 24, with the breaches linked to compromised SSL VPNs. In most incidents investigated by Rapid7, the malicious actors tried to log into ASA appliances using usernames spanning common ones, ranging from admin, guest, kali, and cisco to test, printer, security, and inspector.
Akira ransomware targets Cisco VPNs to breach organizations.
News URL
Related news
- Cisco investigates breach after stolen data for sale on hacking forum (source)
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- New Cisco ASA and FTD features block VPN brute-force password attacks (source)
- Fog ransomware targets SonicWall VPNs to breach corporate networks (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)