Hackers target Cisco ASA SSL VPNs with brute-force attacks

Share post:

Rapid7 security researchers have warned that hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in brute-force attacks. The attacks exploit lapses in security defenses, such as not enforcing multi-factor authentication (MFA).

According to Rapid7 security researchers, attackers have been targeting Cisco ASA SSL VPNs since March of this year. They have yet to detect any instances where the threat actors behind these attacks have circumvented properly configured MFA to breach Cisco VPNs.

The attacks typically involve using automated tools to try a large number of passwords to guess the targets’ login credentials. The attackers often use common usernames, such as “admin”, “guest”, and “kali”, as well as IP addresses associated with known threat actors.

Once the attackers gain access to a Cisco ASA SSL VPN, they can use it to remotely access the victim’s network and steal data or install malware. Cisco PSIRT’s Principal Engineer, Omar Santos, acknowledged the complexities arising due to improperly configured logging in affected Cisco ASAs, emphasizing the challenge in determining the attackers’ methods.

Security experts recommend that organizations use MFA to protect their Cisco ASA SSL VPNs. They should also disable default accounts and passwords and enable logging on all VPNs to help with attack analysis.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Russian-linked hackers target U.S. and European water systems

A Russian military-affiliated hacking group, Sandworm, is suspected of coordinating recent cyberattacks on water utilities in the U.S.,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways