Cisco ASA target by Akira Ransomware Group
Cisco ASA target by Akira Ransomware Group
1 September 2023
Cisco has confirmed that they are aware that their product ASA (Adaptive Security Appliance) SSL VPN is being targeted by Akira Ransomware. The VPNs that are being targeted only have single factor authentication implemented. The attack method are brute-forcing and the use of leaked credentials bought through the dark web.
Cisco has released best practices to mitigate these types of attack:
- Enable MFA authentication
- Setup logging on ASA to improve correlation and auditing of the network incidents
Affected Products
Cisco ASA: all versions
More information from Cisco, link