It’s interesting how it’s always the big vendors that seem to suffer attacks like this - is it the more positive angle that simply nobody important uses stuff like opnsense? Or more negatively, not enough people paying attention to catch these attacks?
If this were to happen to an OSS product it would likely get a CVE, but it's less likely to get a report on the controllers behind this and a well-written page with pretty graphics unless a security researcher wanted to bolster their credentials.
Cisco has enough money to fund their own security company which lets them also investigate issues and issue statements of the form: We are so significant that nation-states target our equipment. We are also so dedicated to security we will write up these reports to show this dedication.
Part of it is it makes them look cool. Part of it is if they don't they risk the govt dragging them through the mud, like CISA did for the MSFT email breach. CISA already releases a lot of alerts on Cisco as it is.
I think it's that anyone important has significant money on the line, and hence wants or requires support contracts for their technicians and engineers. That wildly narrows the range of acceptable choices to pretty much just enterprise vendors (IMO), with the result being a greatly reduced attack surface?
Might be off topic, but has Cisco ASA improved much in the past four or five years? The one I had years ago was not much use for anything other than basic access rules.
"espionage-focused campaign found targeting network devices"
Nice copy.
—"multiple vendors" = Cisco and Microsoft... and others
"these devices need to be routinely and promptly patched; using up-to-date hardware"
Contact sales at xxx...
"Cisco’s position as a leading global network infrastructure vendor gives Talos’ Intelligence and Interdiction team immense visibility into the general state of network hygiene. This also gives us uniquely positioned investigative capability into attacks of this nature."
—Is this a security bulletin or a prospectus? When is a liability an asset? You decide
"Early in 2024, a vigilant customer reached out to both Cisco’s Product Security Incident Response Team (PSIRT) and Cisco Talos to discuss security concerns..."
—More fine copy.
"Cisco Secure Firewall (formerly Next-Generation Firewall and Firepower NGFW) appliances such as Threat Defense Virtual, Adaptive Security Appliance and Meraki MX can detect malicious activity associated with this threat."
—ABC: Always Be Closing!
"This threat demonstrates several techniques of the MITRE ATT&CK framework, most notably..."
—Several = 15
—List of 100s of vectors and effects over years
"As a part of our ongoing investigation, we have also conducted analysis on possible attribution of this activity. Our attribution assessment is based on the victimology..."
—We still don't know what's going on or why. Order now!
—Re Talos: back in 2008 there was a little upset in bank derivatives due to the standards and practices of a little sector of the bond market called The Ratings Agencies.
—In the tech sector Cisco stock rose sharply on HW sales surge after a critical vulnerability in government systems was exposed in existing HW...
THANK YOU THANK YOU I'LL BE HERE ALL WEEK TRY THE VEAL
So update but probably remain vulnerable - there is no reason to think CISCO has fixed the original vulnerability.
Irrelevant aside: CISCO could have just reported a couple of zero-days they already knew of. Maybe vendors will start stockpiling zero-days ;-P