Attackers are infecting a widely used virtual private network product sold by Cisco Systems to install backdoors that collect user names and passwords used to log in to corporate networks, security researchers said.
A researcher from security firm Volexity told Ars that he's aware of about a dozen attacks successfully infecting Cisco's Clientless SSL VPN, but he said he suspects the total number of hacks is higher. The attacks appear to be carried out by multiple parties using at least two separate entry points. Once the backdoor is in place, it may operate unnoticed for months as it collects credentials that employees enter as they log in to company networks.
The Clientless SSL VPN is a virtual private network product that works with Cisco's Adaptive Security Appliance. Once users have authenticated themselves, the Web-based VPN allows employees to access internal webpages and internal file shares plus launch plug-ins that allow them to connect to other internal resources through telnet, SSH, or similar network protocols.