TechRadar
Sead Fadilpašić

This nasty ransomware is targeting Cisco VPNs to attack businesses

security

Operators of Akira, a relatively new entrant to the ransomware scene, have been targeting businesses using Cisco’s VPN products. 

By logging into compromised accounts, Akira’s members were able to breach corporate endpoints, steal sensitive data, and ultimately deploy ransomware.

This is according to research by multiple cybersecurity firms, although what these firms can’t know for sure is how Akira obtained the login credentials for the VPN service.

Brute-forcing their way in?

Sophos, for example, first spotted Akira in May 2023, saying the group accessed target networks through "VPN access using Single Factor authentication." Another incident responder, going by the alias Aura, noted that Akira managed to compromise these accounts because they weren’t protected with multi-factor authentication (MFA).

Because Cisco ASA doesn’t have any logging features, the researchers can’t know for sure. Some speculate Akira might have brute-forced its way into these accounts, while others are of the opinion that the access was bought from a third party on a dark web forum. Researchers from SentinelOne, however, think a zero-day might be at play here as well. Apparently, the researchers believe the flaw affects accounts without MFA set up.

Cisco’s VPN offerings are among the most popular with business users, with numerous organizations using them to securely transmit data between users and networks. Some consider the tools a must for remote and hybrid workers.

It is also worth mentioning that cybersecurity experts from Avast published a decryptor for Akira in late June this year, which can be downloaded for free. However, Akira has since responded and updated its encryptor. Thus, the decryptor will only work on older variants, and businesses should not be overly confident they can salvage their sensitive data in case of an attack.

Via: BleepingComputer
