The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has issued a high priority security alert about FIRESTARTER malware on Cisco Firepower and Secure Firewall products.
The bulletin states the discovery of a previously unknown persistence mechanism that is preserved even when upgrading and patching the relevant Cisco products running ASA or FTD software. The persistence of the vulnerability means cybercriminals can re-access compromised devices without re-exploiting vulnerabilities.
The ACSC advises organisations to use the IOC command available in the vendor advisory. It also advises following the Supplemental Direction for ED 25-03 and run the “show checkheaps” and “show tech-support detail” commands, while saving the full output off-device and preferably to an isolated system.
Several other steps outlined by Cisco and the ASD can also be taken. If FIRESTARTER is detected, affected parties must report the incident to the ACSC, which will then provide guidance on next steps.
Devices that have not been upgraded to a release listed in Cisco Event Response Continued Attacks Against Cisco Firewalls should also be immediately upgraded.
Organisations that have been impacted, suspect impact, or require advice and assistance can contact the ASD’s ACSC on 1300 292 371.
_(30).jpg&h=142&w=230&c=1&s=1)
_(25).jpg&h=142&w=230&c=1&s=1)
.jpg&w=100&c=1&s=0){kind=logo}
.jpg&w=100&c=1&s=0)
