Endpoint/Device Security, Ransomware

Cisco VPNs subjected to brute force attacks

BleepingComputer reports that brute-force attacks have targeted vulnerable Cisco Adaptive Security Appliance (ASA) SSL VPNs since March. At least 11 organizations were compromised through Cisco ASA SSL VPN-related intrusions between March 30 and Aug. 24, with most incidents involving the use of common usernames to infiltrate the ASA appliances, as well as similar attack infrastructure, according to a report from Rapid7. After breaching the VPN appliances, attackers accessed the victims' networks through the remote desktop software AnyDesk and used stolen domain credentials to impact other systems. The report also noted that some attacks aimed at Cisco VPN appliances facilitated Akira and LockBit ransomware deployment. "These incidents reinforce that use of weak or default credentials remains common, and that credentials in general are often not protected as a result of lax MFA enforcement in corporate networks," said Rapid7. The findings come after a SentinelOne WatchTower report noted that Akira operators had potentially targeted Cisco VPNs without multi-factor authentication.
