Cisco firewalls have been exploited for espionage campaigns for months

  • April 25, 2024

“State-sponsored” hackers have been using newly discovered zero days and backdoors in Cisco firewalls to carry out espionage attacks for months.

The Cisco Talos security team published a detailed blog on Wednesday to warn the world about espionage attacks passing through its firewalls. The attackers exploit several vulnerabilities in the Adaptive Security Appliance software to bypass the firewall. Since the known victims are mainly government organizations, Cisco is convinced that the perpetrators are also acting on behalf of a nation state, probably China.

The goal of an espionage attack is to stay under the radar, and the hackers have done that quite well. Research shows that the vulnerabilities have been exploited since November 2023, with first reports of victims since January. Preparations have been going on since July. The attackers used all possible techniques to cover their tracks.

Across the line

Two zero-day vulnerabilities were identified as the vector for the espionage attacks: CVE-2024-20359 and CVE-2024-20353. These open the door to two previously undiscovered backdoors in the software, which were given the creative names Line Dancer and Line Runner. Line Dancer is a memory-only virus, which makes it difficult to detect.

Once Line Dancer is installed, the hackers can use a simple, unauthenticated web request to send malicious code through the host scan response component. Line Runner then ensures that infections survive a device reboot.

Cisco advises companies to first determine whether they may be victims. The blog describes in detail what steps can be taken. A patch is now available that closes the gaps. Even if you are not (yet) affected by this, you should install the patch as quickly as possible.

The wall was demolished

The Cisco firewall incident is not an isolated one. Recently, vulnerabilities in security equipment have regularly been discovered, including at VPN provider Ivanti. The job of a firewall is to keep intruders out, but firewalls can also be an interesting target themselves because they sit at the start of a network.

It shows that simply installing a firewall is not enough to ensure security. Once attackers get past the wall, you are easy prey unless you have additional defensive weapons.

Source: IT Daily
