Hacker Attack: Thousands of Unique IP Addresses Scan Cisco ASA for Vulnerabilities

Cisco ASA (Adaptive Security Appliance) is one of the most widely used network security solutions. From small businesses to government entities handling sensitive information and infrastructure, Cisco ASA protects their network-connected devices against possible attacks. According to a comparative report by 6sense.com, CISCO ASA commands a market share of 17.05% - the top company in its category (Perimeter Security and Firewalls Technologies).

Due to its popularity, Cisco ASA is constantly under attack by hackers who aim to steal data or even take control of the network. Network administrators actively monitor their network for potential attacks as Cisco ASA continues to update its users with patches to improve their services.

New Potential Attach Reported

Although Cisco ASA continues to improve its security system, a massive coordinated attack occurred in August 2025. According to Greynoise.io, Cisco ASA devices experienced two waves of attacks. The first wave was observed on August 22, 2025, when a total of 25,198 unique IP addresses were recorded. The second wave was again observed on August 26, 2025, with 16,794 unique IP addresses logged.

For context, Cisco ASA devices log only 500 unique IP addresses in one day.

These attacks target login portals, extending to Cisco IOS Telnet/SSH. The second wave extends these attacks to ASA software personas. These IP addresses do not target a specific vulnerability, as they function as opportunistic attacks, trying to find possible vulnerabilities in the target network.

Based on the IP address source, most of the attacks were from Potential Update or Potential Attack

Brazil (64%), with the United States its main target (97%).

A large number of unique IP addresses scanning for vulnerabilities can be a security practice to check for vulnerabilities. Security companies often send out security patches a few days after this type of activity to improve the network security practices of their customers. On the other hand, it could be a potential attack by hackers looking for access to sensitive information and even control. Cisco ASA’s role in protecting sensitive data from important institutions has made the security system a target, and it has already had its fair share of exploited security flaws in the past.

Recommended Security Protocols for Protection Against Exploits

Although the security features of Cisco ASA are already robust, with integrated security features such as VPN and identity-based access, network managers should practice smart security protocols to prevent disasters. It only takes one attack to delete or compromise an enterprise's data, which could prove costly to any organization.

The use of MFA or Multi-Factor Authentication is highly recommended to prevent simple exploits. Additional authentication ensures access to authorized users only to limit exploits.

It’s also important to limit the access of security management tools. The Cisco ASA portal should never be accessible to anyone to prevent any unauthorized access.

Last but not least, patches should be implemented as soon as possible. Cisco ASA announces these patches, which also means a vulnerability that could be exploited. If the patch is not implemented, the network is susceptible to potential attacks.