Since March, Cisco ASA SSL VPNs have come under attack from attacks primarily focused on the lack of MFAs. Hackers primarily try to crack networks using brute force attacks.

A week ago, Cisco admitted that its ASA SSL VPNs have been under attack since March. These are mainly systems without multi-factor authentication, which is why brute force is the attack of choice for hackers. Attackers want network access first and then install ransomware like (the relatively new) Akira or LockBit.

extra information

Cybersecurity company Rapid7 has since provided further insight into these attacks. In addition to brute force attacks, the company also noticed credential stuffing attacks. Rapid7 was able to identify at least 11 victims, including companies involved in healthcare and the oil and gas industry. The security company also says it is working closely with Cisco on these incidents.

Earlier this month, Cisco announced its partnership with Cohesity, meaning the company can now help its customers mitigate the damage caused by a ransomware attack faster. The company is thus once again underscoring its stronger focus on safety.

Rapid7 also shared some details about the attacks. For example, hackers attempted to use a list of apparent logins to access Adaptive Security Appliance VPNs, in this case: Cisco, Admin, Guest, or Security. According to the security researchers, this is a clear indication of a brute force attack.

A notable note in Rapid7’s report is that VPNs with a fully active MFA were protected from any harm. This once again underlines the enormous importance of such an additional layer of security.