Hackers target Cisco ASA SSL VPNs with brute-force attacks

Share post:

Rapid7 security researchers have warned that hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in brute-force attacks. The attacks exploit lapses in security defenses, such as not enforcing multi-factor authentication (MFA).

According to Rapid7 security researchers, attackers have been targeting Cisco ASA SSL VPNs since March of this year. They have yet to detect any instances where the threat actors behind these attacks have circumvented properly configured MFA to breach Cisco VPNs.

The attacks typically involve using automated tools to try a large number of passwords to guess the targets’ login credentials. The attackers often use common usernames, such as “admin”, “guest”, and “kali”, as well as IP addresses associated with known threat actors.

Once the attackers gain access to a Cisco ASA SSL VPN, they can use it to remotely access the victim’s network and steal data or install malware. Cisco PSIRT’s Principal Engineer, Omar Santos, acknowledged the complexities arising due to improperly configured logging in affected Cisco ASAs, emphasizing the challenge in determining the attackers’ methods.

Security experts recommend that organizations use MFA to protect their Cisco ASA SSL VPNs. They should also disable default accounts and passwords and enable logging on all VPNs to help with attack analysis.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Ransomware Surge Targets U.S. Energy and Utilities Sector Amid Legacy System Challenges: Report

A recent Trustwave SpiderLabs report underscores the growing cybersecurity challenges in the U.S. energy and utilities sector, driven...

FortiGate Configuration Leak Exposes Thousands of Organizations

A recent security incident has resulted in the exposure of nearly 5,000 organizations' email addresses and IP information...

Credentials from Top Cybersecurity Vendors Found on Dark Web For $10 Each

A report by security researchers at Cyble has uncovered a troubling discovery: thousands of account credentials from several...

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways