Hackers target Cisco ASA SSL VPNs with brute-force attacks

August 31, 2023

Rapid7 security researchers have warned that hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in brute-force attacks. The attacks exploit lapses in security defenses, such as not enforcing multi-factor authentication (MFA).

According to Rapid7 security researchers, attackers have been targeting Cisco ASA SSL VPNs since March of this year. They have yet to detect any instances where the threat actors behind these attacks have circumvented properly configured MFA to breach Cisco VPNs.

The attacks typically involve using automated tools to try a large number of passwords to guess the targets’ login credentials. The attackers often use common usernames, such as “admin”, “guest”, and “kali”, as well as IP addresses associated with known threat actors.

Once the attackers gain access to a Cisco ASA SSL VPN, they can use it to remotely access the victim’s network and steal data or install malware. Cisco PSIRT’s Principal Engineer, Omar Santos, acknowledged the complexities arising due to improperly configured logging in affected Cisco ASAs, emphasizing the challenge in determining the attackers’ methods.

Security experts recommend that organizations use MFA to protect their Cisco ASA SSL VPNs. They should also disable default accounts and passwords and enable logging on all VPNs to help with attack analysis.

The sources for this piece include an article in BleepingComputer.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn