Curious if anyone has seen a ramp up in attacks against brute forcing AnyConnect logins? Since Mid-May we are seeing large scale brute force attempts out of Russia/Cyprus against Cisco ASA/FTD running AnyConnect. I know of the recent CVE about SYSTEM level access through a vulnerable client, but it requires valid credentials which may be what they are fishing for.
Curious if anyone else has seen this behavior in their environments and if there is something big coming from Cisco. I am dreading a new zero-day that we'll frantically need to patch because Cisco finally went public after Talos saw large scale exploitation in the wild...
No comments:
Post a Comment