Cisco VPNs with no MFA enabled hit by ransomware groups

Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. “In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords; in others, the activity we’ve observed appears to be the result of targeted brute-force attacks on ASA appliances where multi-factor authentication (MFA) was either not enabled or was not enforced for all users (i.e., via … More →

The post …

adversaries akira arctic wolf networks asa attacks brute-force cases cisco cisco asa credential credential stuffing credential stuffing attacks default default passwords don't miss enterprise hot stuff lockbit lockbit ransomware march mfa organizations passwords ransomware ransomware groups rapid7 smbs ssl ssl vpn vpn vpns