DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Talk To An Expert
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Talk To An Expert
CyberMaterial
Home Alerts

Akira Ransomware Exploits Cisco VPNs

August 23, 2023
Reading Time: 2 mins read
in Alerts

Evidence is mounting that the Akira ransomware group has been strategically targeting Cisco VPN products to infiltrate corporate networks, leading to data theft and eventual encryption. This relatively new ransomware operation, launched in March 2023, has recently expanded its tactics by introducing a Linux encryptor to target VMware ESXi virtual machines. The widespread adoption of Cisco VPN solutions in various industries, especially for remote work scenarios, makes them an attractive entry point for cybercriminals.

Akira ransomware’s exploitation of compromised Cisco VPN accounts enables it to breach corporate networks without the need for additional backdoors or persistence mechanisms. Sophos initially reported on this strategy in May, highlighting the group’s use of “VPN access using Single Factor authentication.”

However, further investigation by an incident responder known as ‘Aura’ revealed the use of Cisco VPN accounts lacking multi-factor authentication. The methods employed by Akira to acquire these VPN credentials, such as brute-forcing or purchasing from dark web markets, remain uncertain.

SentinelOne’s analysis suggests that Akira may be capitalizing on an unidentified vulnerability in Cisco VPN software, potentially bypassing authentication without multi-factor protection. Additionally, the group has employed the RustDesk open-source remote access tool to navigate compromised networks, making them the first ransomware group to misuse this legitimate software.

RustDesk’s stealthy nature allows undetected remote access, with cross-platform operation and encrypted peer-to-peer connections that facilitate data exfiltration. The researchers also discovered other tactics used by Akira, including SQL database manipulation and disabling security features.

While Avast released a decryptor for Akira ransomware in June 2023, the threat actors have since patched their encryptors, limiting the tool’s effectiveness to older versions. These findings underline the evolving and sophisticated nature of ransomware attacks, highlighting the importance of strong cybersecurity measures, especially regarding VPN security, to protect organizations from such threats.

Source:
  • You may get a surprise knock from #Akira #Ransomware soon.
Tags: AkiraAkira ransomwareAlertsAlerts 2023August 2023AuraCiscoCyberattackCybersecurityVPNVulnerabilities
30
VIEWS
ADVERTISEMENT

Related Posts

Critical WordPress Plugin Flaws

Critical WordPress Plugin Flaws

September 29, 2023
Cisco Warns of Critical SD-WAN Flaw

Cisco Warns of Critical SD-WAN Flaw

September 29, 2023
Malicious Packages on npm and PyPI

Malicious Packages on npm and PyPI

September 29, 2023
Critical WordPress Plugin Flaws

Critical SharePoint Vulnerabilities Revealed

September 29, 2023

More Articles

Incidents

IT Services Provider Hit by Donut Gang

September 22, 2023
Alerts

Chinese-Language Phishing Campaigns

September 20, 2023
Cyber Briefing

September 21, 2023 – Cyber Briefing

September 21, 2023
Alerts

Lazarus Group Threat to Healthcare

September 22, 2023

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Alerts
  • Incidents
  • News
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
    • Tutorials
  • Report Cyber Incident
  • GET HELP
  • Contact Us

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.