PSA—Akira Ransomware Targeting Cisco VPNs
By: Craig Kennedy
PSA—Akira Ransomware Targeting Cisco VPNs
There is growing evidence being reported that Cisco virtual private networks (VPNs) are being targeted as an attack vector by the recently surfaced Akira ransomware group.
Who is the Akira?
Akira is a relatively new ransomware group, originally surfacing in March 2023, that has been breaching corporate networks, exfiltrating data, encrypting files, and extorting ransom from targeted organizations for upwards of several million dollars. The group threatens to make the exfiltrated data publicly available unless a ransom is paid and demands additional payment to provide a key to unencrypt the data on the corporate network. There are enough similarities in these attacks that lead many security experts to believe this group is linked to members of the disbanded Conti ransomware group.
Targeting Cisco VPNs
Although the attacks by the group started out exploiting a multitude of attack surface vulnerabilities, there’s mounting evidence that Akira is now targeting Cisco VPN (virtual private network) products as a preferred attack vector. The attack profile is using account credentials that are not protected using multi-factor authentication (MFA). It’s unclear whether the account credentials are compromised and purchased on the dark web, the attackers are using brute-force to get in, or if there’s a yet to be determined zero-day affecting Cisco VPN.
Cisco VPN solutions are very popular within enterprises requiring security between corporate networks and remote endpoints. Typical organizations are in the banking, securities, and healthcare industries, as well as others.
Bottom Line
If you are currently using Cisco VPN and do not have multi-factor authentication configured for all accounts, then stop what you’re doing and get MFA configured immediately. The number of known breached companies exceeds 60 and is growing. Don’t let your enterprise be the next one on this list.
See Craig’s Webinar Playback for “Cybersecurity in the Age of AI: Fighting Fire With Fire”
Watch On-Demand For Free Here>>
This blog is a part of the Digital Operations blog series by Aragon Research’s Sr. Director of Research, Craig Kennedy.
Missed an installment? Catch up here!
Have a Comment on this?