Summary:
1. Akira ransomware is targeting Cisco VPNs without multi-factor authentication (MFA).
2. The vulnerability, known as CVE-2023-20269, allows unauthorized access to VPN connections.
3. Organizations without MFA on their VPNs are at risk of infiltration.
4. Implementing MFA is crucial to mitigate the risk of unauthorized access and ransomware infections.
5. Cisco has collaborated with Rapid7 to investigate similar attack tactics.
6. The Akira ransomware uses various extortion strategies and a Tor-based website.
7. Attackers exploit exposed services and vulnerabilities in MFA and VPN software.
8. The two primary access methods used are brute-forcing and purchasing credentials from the dark web.
9. Detailed logs in affected Cisco ASA devices are necessary for incident analysis.
10. Cisco provides guidance on setting up logging and forensics in ASA devices.
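
As an added illustration of points 8 to 10 (not code from Cisco, Rapid7 or the original report), the sketch below scans ASA syslog lines for bursts of rejected logins from one source address, the pattern brute-forcing leaves when logging is enabled. It assumes the AAA rejection messages 113005 and 113015, an ISO timestamp and hostname prefix added by the log collector, and arbitrary threshold and window values; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from a real device). The prefix layout
# (ISO timestamp + hostname) is an assumption about the syslog collector.
SAMPLE = """\
2023-08-24T10:00:01Z asa1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = admin : user IP = 203.0.113.7
2023-08-24T10:00:09Z asa1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = test : user IP = 203.0.113.7
2023-08-24T10:00:17Z asa1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = backup : user IP = 203.0.113.7
2023-08-24T10:00:25Z asa1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = guest : user IP = 203.0.113.7
2023-08-24T10:00:41Z asa1 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = vpnuser : user IP = 203.0.113.7
2023-08-24T09:00:00Z asa1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = alice : user IP = 198.51.100.20
2023-08-24T11:30:00Z asa1 %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = alice : user IP = 198.51.100.20
2023-08-24T11:30:20Z asa1 %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = alice
"""

# Match only the rejection messages and pull out timestamp, user and source IP.
REJECT = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+%ASA-\d-(?P<id>113005|113015):.*?"
    r"user = (?P<user>\S+)\s*:\s*user IP = (?P<ip>[0-9a-fA-F.:]+)")

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: sorted usernames tried} for every source IP with
    at least `threshold` rejections inside any `window`-long interval."""
    events = defaultdict(list)
    for line in lines:
        m = REJECT.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in evs})
                break
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE.splitlines()))
```

Many distinct usernames from a single address, as in the flagged entry here, points to guessing rather than one user mistyping a password.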