Cisco VPNs not secured with MFA targeted by Akira ransomware gang
Take action: If you are using Cisco VPN without MFA, activate Multi-Factor Authentication for all VPN users, because most people recycle passwords all over the place and some passwords are already leaked.
The Cisco Product Security Incident Response Team (PSIRT) has reported that the Akira ransomware is targeting Virtual Private Networks (VPNs) without Multi-Factor Authentication (MFA) measures.
The method used by ransomware operators to obtain Cisco VPN account credentials remains unclear. Cisco ASA lacks a logging function for successful logins, hindering researchers' ability to trace this access.
Possible methods include:
- purchasing credentials on the dark web,
- exploiting zero-day vulnerabilities,
- utilizing brute-force or credential stuffing attacks.
Evidence indicates brute-force and password spraying attempts. Some researchers suggest that Akira leverages Cisco VPN gateways based on leaked data and data stolen in previous ransomware attacks.
Regardless of the attack method, the importance of implementing MFA on Cisco VPN has become evident.