Security researcher Kevin Beaumont is warning about the efforts of ransomware groups Akira and Lockbit to exploit older vulnerabilities in Cisco ASA SSL VPN devices.
These groups target vulnerabilities for which patches have been available since 2020 and 2023. Beaumont emphasizes the importance for administrators to upgrade to the latest ASA release, particularly on devices with the AnyConnect SSL VPN feature enabled on their internet-exposed interfaces.
These vulnerabilities pose a significant threat as Cisco ASA devices are commonly deployed across organizations and are frequently targeted by attackers, including ransomware groups, through various means, such as unpatched vulnerabilities, credential stuffing, and brute-force attacks.
Enjoy true online freedom with PC Matic VPN. Hide your online activity, secure your connection, and access region-blocked content from anywhere.
Additionally, users benefit from anti-ransomware and malware protection, dark web monitoring, safe web browsing, USA-based phone support, identity theft protection, and more.
Attackers are developing exploits or purchasing them as proof-of-concept exploits for patched vulnerabilities continue to surface. For instance, there are suspicions of Akira exploiting CVE-2020-3259 without a known public exploit.
Despite some vulnerabilities like CVE-2020-3580 being exploited in the past, ransomware groups are banking on organizations’ slow patching processes. There has been a notable increase in scanning for Cisco AnyConnect VPN devices, with most scanning IPs identified as malicious. This surge in scanning activity correlates with previous exploitation campaigns, such as CitrixBleed. Beaumont’s warning is clear: organizations must prioritize patching to mitigate the risk of falling victim to ransomware attacks.
PC Matic delivers complete home and business cybersecurity protection against ransomware, malware, identity theft, online tracking, data breaches, and more. For over 20 years, PC Matic’s award-winning cyber protection has saved millions of satisfied customers from becoming the next cybercrime victim and is exclusively made in the USA.
Learn more about PC Matic today!