Urgent Security Alert Issued By Cisco
May 20, 2024
An urgent security alert issued by Cisco states the company has been hacked and urges users to conduct an immediate software upgrade of the company’s core Adaptive Security Appliances product. The threat actor was likely state-sponsored, according to Cisco, based on the conclusion that it “demonstrated a clear focus on espionage and an in-depth knowledge of the devices [that were] targeted, hallmarks of a sophisticated state-sponsored actor.”
An article from CSO quotes extensively from Cisco’s own post regarding the hack, laying out many of the technical details. The malicious actions, according to Cisco, included “configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement.” Cisco notes that network telemetry and intelligence from partners suggest the hacker is targeting network devices from Microsoft and other vendors.
The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, has also recommended doing the updates. Additionally, it advises doing a search for malicious activity and asks to be notified if any issues are uncovered.
Cisco notes that in the past two years, there has been a dramatic increase in the targeting of perimeter network devices, which it says are ideal targets for espionage campaigns and must be routinely patched.
The CSO article quotes an expert source who lays out a checklist of cybersecurity recommendations. In addition to routine software updates, he advises regular security audits aimed at identifying unpatched systems and outdated protocols, employee training programs to raise awareness of phishing and other cyber threats, and widespread implementation of multi-factor authentication for internal systems, as well as external access.
Critical intelligence for general counsel
Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.