Hackers target Cisco ASA SSL VPNs with brute-force attacks

Share post:

Rapid7 security researchers have warned that hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in brute-force attacks. The attacks exploit lapses in security defenses, such as not enforcing multi-factor authentication (MFA).

According to Rapid7 security researchers, attackers have been targeting Cisco ASA SSL VPNs since March of this year. They have yet to detect any instances where the threat actors behind these attacks have circumvented properly configured MFA to breach Cisco VPNs.

The attacks typically involve using automated tools to try a large number of passwords to guess the targets’ login credentials. The attackers often use common usernames, such as “admin”, “guest”, and “kali”, as well as IP addresses associated with known threat actors.

Once the attackers gain access to a Cisco ASA SSL VPN, they can use it to remotely access the victim’s network and steal data or install malware. Cisco PSIRT’s Principal Engineer, Omar Santos, acknowledged the complexities arising due to improperly configured logging in affected Cisco ASAs, emphasizing the challenge in determining the attackers’ methods.

Security experts recommend that organizations use MFA to protect their Cisco ASA SSL VPNs. They should also disable default accounts and passwords and enable logging on all VPNs to help with attack analysis.

The sources for this piece include an article in BleepingComputer.


Related articles

FBI rapidly hacks into Trump shooter’s phone, raises privacy concerns

Just two days after the attempted assassination at a Trump rally, the FBI announced it had gained access...

Disney investigating a potential major leak of internal communications

Disney is investigating a significant data breach by the hacking group Nullbulge, which claims to have accessed and...

Kaspersky to shut down its US business due to sanctions

Russian cybersecurity firm Kaspersky Lab announced it will cease its U.S. operations starting July 20, following sanctions from...

Google’s Gemini AI caught scanning private Google Drive documents without permission

Google's Gemini AI has come under fire for scanning private PDF documents in Google Drive without user consent....

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways