The Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday that threat actors are continuing to target Cisco devices, issuing new implementation guidance after a large-scale attack earlier this fall.
Following a warning from CISA in September that an “advanced threat actor” targeted Cisco ASA via web services, the agency said in new guidance that some agencies incorrectly marked Cisco ASA and Firepower devices as “patched” despite running software still vulnerable to active exploits.
The agency said it is seeing attacks on these versions across federal networks and urged any agency that hasn’t installed the required updates – or applied them after September – to take extra mitigation steps.
CISA stressed that all ASA and Firepower devices, not just public-facing ones, must be updated to the latest patches.
“By following these best practices, organizations can better protect themselves from potential threats and ensure the integrity of their digital infrastructure,” said Nick Andersen, executive assistant director for CISA’s Cybersecurity Division. “The release of this implementation guidance is a critical step in mitigating the risks posed by these vulnerabilities.”
CISA recommended in its latest update that all organizations verify that they are running the correct minimum software version updates outlined in the new implementation guidance.