PSA—Akira Ransomware Targeting Cisco VPNs

By: Craig Kennedy

PSA—Akira Ransomware Targeting Cisco VPNs

There is growing evidence being reported that Cisco virtual private networks (VPNs) are being targeted as an attack vector by the recently surfaced Akira ransomware group. 

Who is the Akira?

Akira is a relatively new ransomware group, originally surfacing in March 2023, that has been breaching corporate networks, exfiltrating data, encrypting files, and extorting ransom from targeted organizations for upwards of several million dollars. The group threatens to make the exfiltrated data publicly available unless a ransom is paid and demands additional payment to provide a key to unencrypt the data on the corporate network. There are enough similarities in these attacks that lead many security experts to believe this group is linked to members of the disbanded Conti ransomware group.  

Targeting Cisco VPNs 

Although the attacks by the group started out exploiting a multitude of attack surface vulnerabilities, there’s mounting evidence that Akira is now targeting Cisco VPN (virtual private network) products as a preferred attack vector. The attack profile is using account credentials that are not protected using multi-factor authentication (MFA). It’s unclear whether the account credentials are compromised and purchased on the dark web, the attackers are using brute-force to get in, or if there’s a yet to be determined zero-day affecting Cisco VPN.

Cisco VPN solutions are very popular within enterprises requiring security between corporate networks and remote endpoints. Typical organizations are in the banking, securities, and healthcare industries, as well as others.

Bottom Line

If you are currently using Cisco VPN and do not have multi-factor authentication configured for all accounts, then stop what you’re doing and get MFA configured immediately. The number of known breached companies exceeds 60 and is growing. Don’t let your enterprise be the next one on this list.

---

See Craig’s Webinar Playback for “Cybersecurity in the Age of AI: Fighting Fire With Fire”

Watch On-Demand For Free Here>>

---

This blog is a part of the Digital Operations blog series by Aragon Research’s Sr. Director of Research, Craig Kennedy.

Missed an installment? Catch up here!

 

Blog 1: Introducing the Digital Operations Blog Series

Blog 2: Digital Operations: Keeping Your Infrastructure Secure

Blog 3: Digital Operations: Cloud Computing

Blog 4: Cybersecurity Attacks Have Been Silently Escalating

Blog 5: Automation—The Key to Success in Today’s Digital World

Blog 6: Infrastructure—Making the Right Choices in a Digital World

Blog 7: Open-Source Software—Is Your Supply Chain at Risk?

Blog 8: IBM AIU—A System on a Chip Designed For AI

Blog 9: IBM Quantum: The Osprey Is Here

Blog 10: The Persistence of Log4j

Blog 11: AWS re:Invent 2022—Focus on Zero-ETL for AWS

Blog 12: AWS re:Invent 2022—The Customer Is Always Right

Blog 13: How Good is the New ChatGPT?

Blog 14: The U.S. Department of Defense Embraces Multi-Cloud

Blog 15: 2022 Digital Operations—The Year in Review

Blog 16: Lucky Number 13 for Intel—Intel Is Back on Top

Blog 17: Quantum Decryption—The Holy Grail for Cybercriminals

Blog 18: Microsoft and OpenAI—Intelligent Partnership

Blog 19: ChatGPT—The First One Is Free

Blog 20: Bing and ChatGPT—Your Co-Pilot When Searching the Web

Blog 21: ESXiArgs—Ransomware Attack on VMware

Blog 22: The Cost of Supply Chain Security—$250M in Sales

Blog 23: OpenAI Delivers on APIs—Accelerating the Adoption of ChatGPT

Blog 24: OpenAI Delivers on Plugins—Is ChatGPT The New Generative Content Platform?

Blog 25: Microsoft Security Copilot—Defending the Enterprise at the Speed of AI

Blog 26: Operation Cookie Monster Takes a Huge Bite Out of The Dark Web

Blog 27: AWS Bedrock—Amazon’s Generative AI Launch

Blog 28: Google Cloud Security AI Workbench – Conversational Security

Blog 29: World Password Day – Is This the Last Anniversary

Blog 30: Intel Partners to Enter the Generative AI Race—Aurora genAI

Blog 31: Charlotte AI – CrowdStrike Enters the Generative AI Cybersecurity Race

Blog 32: NICE Catches the Generative AI Wave

Blog 33: AMD Instinct MI300X—A New Challenger to Nvidia

Blog 34: Storm-0558—Chinese Cyber Attack on US Government Organizations

Blog 35: Network Resilience Coalition—Making the Network Safer

Blog 36: Frontier Model Forum—Power Players Unite to Make AI Safer

Blog 37: Intel Is Back in the Foundry Business—Entering the Angstrom Era

Blog 38: Check Point Acquires Perimeter 81—Securing Remote Access