Cisco urges immediate software upgrade after state-sponsored attack

Thinking beyond updates

Cisco emphasized that perimeter network devices serve as ideal entry points for espionage-focused campaigns and must be routinely and promptly patched.

“In the past two years, we have seen a dramatic and sustained increase in the targeting of these devices in areas such as telecommunications providers and energy sector organizations — critical infrastructure entities that are likely strategic targets of interest for many foreign governments,” Cisco said in the post. 

CIOs and CISOs should focus beyond routine software updates and adopt a holistic approach, said Thomas George, president of market research firm CMR.

“This should include regular security audits to identify and address vulnerabilities—such as unpatched systems or outdated protocols,” George said. “Additionally, robust employee training programs are crucial to raising awareness about phishing, social engineering, and other cyber threats. The widespread implementation of multi-factor authentication, not just for external access but also for internal systems, significantly enhances security.”

George also suggested integrating advanced threat detection technologies like AI-driven anomaly detection and establishing a well-structured incident response plan that includes simulated cyberattack drills, which can dramatically improve an organization’s ability to detect, respond to, and mitigate cyber incidents swiftly.

Combined effort essential

In the post, Cisco explained how it identified the issue. Early in 2024, a customer reached out to its Product Security Incident Response Team (PSIRT) and Cisco Talos, its threat intelligence team, raising security concerns about their Adaptive Security Appliances.