In a joint advisory released by cybersecurity agencies across Canada, Australia, and the United Kingdom, IT professionals and managers in government and critical sectors are alerted to sophisticated cyber-attacks targeting CISCO ASA VPN devices.
The Canadian Centre for Cyber Security and its international counterparts have been monitoring a series of cyber-attacks since early 2024.
These incidents have primarily affected CISCO ASA devices, specifically the ASA55xx series running firmware versions 9.12 and 9.14.
The attacks believed to be espionage efforts by a state-sponsored actor, have not shown signs of prepositioning for a disruptive or destructive network attack.
Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide
However, the level of sophistication observed is a cause for concern.
The first vulnerability identified is CVE-2024-20359, allowing persistent local code execution.
This flaw enables attackers to maintain a presence on the affected device even after it has been rebooted.
The second vulnerability, CVE-2024-20353, can lead to a denial of service within the Cisco Adaptive Security Appliance and Firepower Threat Defense Software’s web services.
This vulnerability could be exploited to disrupt operations and deny access to network resources.
Malicious actors have exploited both vulnerabilities to gain unauthorized access through WebVPN sessions, often associated with Clientless SSLVPN services.
The agencies have not disclosed any specific hacker groups involved, but the capabilities point to a well-resourced and sophisticated actor.
Exploiting these vulnerabilities poses a significant risk to organizations that rely on the affected CISCO ASA VPN devices.
Unauthorized access to these devices can lead to data breaches, espionage, and potentially a foothold for future attacks against critical infrastructure.
In response to these threats, the advisory encourages organizations to:
The alert serves as a reminder of the ever-present cyber threats facing organizations and the importance of maintaining robust cybersecurity practices.
As the situation develops, further updates and recommendations are expected to be issued by the involved cybersecurity agencies.
Update: Cisco has released updates for Zero Day vulnerabilities; more details can be found here.
Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training ->
Try Free Demo
Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as…
Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in Israel…
Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source…
Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams to…
Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second,…
The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks from…