Subj : This nasty ransomware is targeting Cisco VPNs to attack businesse
To   : All
From : TechnologyDaily
Date : Wed Aug 23 2023 14:30:03

This nasty ransomware is targeting Cisco VPNs to attack businesses

Date: Wed, 23 Aug 2023 13:17:33 +0000

Description: Akira is going after vulnerable Cisco VPN accounts, mostly those without multi-factor authentication

FULL STORY
======================================================================

Operators of Akira, a relatively new entrant to the ransomware scene, have been targeting businesses using Cisco's VPN products. By logging into compromised accounts, Akira's members were able to breach corporate endpoints, steal sensitive data, and ultimately deploy ransomware.

This is according to research by multiple cybersecurity firms, although the firms can't know for sure how Akira obtained the login credentials for the VPN service.

Brute-forcing their way in?

Sophos, for example, first spotted Akira in May 2023, saying the group accessed target networks through "VPN access using Single Factor authentication."

Another incident responder, going by the alias Aura, noted that Akira managed to compromise these accounts because they weren't protected with multi-factor authentication (MFA).

Because Cisco ASA doesn't have any logging features, the researchers can't know for sure. Some speculate Akira might have brute-forced its way into these accounts, while others are of the opinion that the access was bought from a third party on a dark web forum.

Researchers from SentinelOne, however, think a zero-day might be at play here as well. Apparently, the researchers believe the flaw affects accounts without MFA set up.

Cisco's VPN offerings are among the most popular with business users, with numerous organizations using them to securely transmit data between users and networks. Some consider the tools a must for remote and hybrid workers.

It is also worth mentioning that cybersecurity experts from Avast published a decryptor for Akira in late June this year, which can be downloaded for free. However, Akira has since responded and updated its encryptor. Thus, the decryption will only work on older variants, and businesses should not be overly confident they can salvage their sensitive data in case of an attack.

Via: BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-nasty-ransomware-is-targeting-cisco-vpns-to-attack-businesses

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)