City Life

Presenting new technologies and the power of AI

Technology

Ransomware attackers exploit a vulnerability in Cisco VPNs

By Gabriel Botha

September 8, 2023
Cisco has issued an interim workaround to address a zero-day vulnerability in some of its VPN products that is being exploited by ransomware attackers. The flaw, tracked as CVE-2023-20269, exists in the remote access VPN feature of Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software stacks. Attackers can brute-force their way into vulnerable devices by trying all possible or likely username-password combinations. However, if multi-factor authentication is configured alongside strong login credentials, the vulnerability can be mitigated.

The vulnerability arises from improper separation of authentication, authorization, and accounting (AAA) between different features of the VPN system. According to Cisco, the flaw does not allow an attacker to bypass authentication; rather, it facilitates brute-force attacks to identify valid username and password combinations. Cybercriminals have been attempting to exploit the vulnerability since August.

The Akira ransomware gang is one group that has been targeting Cisco VPNs that are not configured for multi-factor authentication and are vulnerable to brute-force logins. According to security firm Rapid7, at least 11 customers were affected by ransomware infections from March to August due to these intrusions. The victims spanned various industries including healthcare, professional services, manufacturing, and oil and gas.

Cisco recommends upgrading to a fixed software release once available and, in the meantime, implementing workarounds to protect against attacks. These include configuring a dynamic access policy (DAP) to terminate VPN tunnel establishment and setting the vpn-simultaneous-logins option to zero if the Default Group Policy is not used for remote VPN access. Enabling logging is also important, since it is what lets administrators catch brute-force attempts.
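As an added example (not from the article or from Cisco), here is the kind of check that logging enables: a small Python script that parses constructed ASA-style "AAA user authentication Rejected" syslog lines (the exact field layout is an assumption) and flags source IPs that exceed a failed-login threshold inside a sliding time window, listing the usernames they tried.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines modelled on the ASA AAA-rejection message;
# the field layout is an assumption for this example, not copied from a device.
SAMPLE_LOGS = """\
Sep 08 2023 10:00:01 asa-gw %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.1.1.10 : user = admin : user IP = 203.0.113.5
Sep 08 2023 10:00:03 asa-gw %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.1.1.10 : user = jsmith : user IP = 203.0.113.5
Sep 08 2023 10:00:04 asa-gw %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.1.1.10 : user = vpnuser : user IP = 203.0.113.5
Sep 08 2023 10:00:06 asa-gw %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.1.1.10 : user = backup : user IP = 203.0.113.5
Sep 08 2023 10:00:09 asa-gw %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.1.1.10 : user = admin : user IP = 203.0.113.5
Sep 08 2023 10:00:15 asa-gw %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.1.1.10 : user = admin : user IP = 203.0.113.5
Sep 08 2023 10:02:30 asa-gw %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.1.1.10 : user = mlee : user IP = 198.51.100.7
Sep 08 2023 10:02:41 asa-gw %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.1.1.10 : user = mlee : user IP = 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) .*authentication Rejected.*"
    r"user = (?P<user>\S+) : user IP = (?P<ip>[\d.]+)"
)

def parse_rejections(text):
    """Return (timestamp, user, source_ip) for every rejected AAA login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
            events.append((ts, m["user"], m["ip"]))
    return events

def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag IPs with >= threshold rejections in any sliding window of `window`."""
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, items in by_ip.items():
        items.sort()  # oldest first; two-pointer scan over the window
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {"attempts": len(items),
                               "users": sorted({u for _, u in items})}
                break
    return flagged

for ip, info in find_bruteforce(parse_rejections(SAMPLE_LOGS)).items():
    print(f"{ip}: {info['attempts']} rejections, users tried: {', '.join(info['users'])}")
```

Two failed logins from a single user (198.51.100.7) stay below the threshold, while the host cycling through several accounts in seconds is flagged; in production the same logic would run against the syslog feed the appliance exports.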

In conclusion, implementing multi-factor authentication and properly configuring it is crucial to prevent exploitation of this vulnerability in Cisco VPNs. Admins should also apply the recommended workarounds until a complete patch is developed.

