A critical flaw in Cisco firewall management software was exploited by Interlock ransomware hackers for weeks, targeting critical infrastructure sectors in North America and Europe. The vulnerability, which had a maximum severity score, was leveraged to compromise Cisco firewalls, allowing the attackers to gain unauthorized access to sensitive systems. Researchers from AWS discovered an Interlock server loaded with various tools, highlighting the group's extensive focus on critical infrastructure. The exploitation occurred before Cisco publicly disclosed the vulnerability in early March, putting numerous organizations at risk. The use of this exploit by Interlock ransomware underscores the importance of proactive operational resilience planning, particularly in sectors that are frequently targeted by such groups [1]. This incident matters to security practitioners because it demonstrates the need for swift patching and robust security measures to mitigate the risk of ransomware attacks on critical infrastructure.
Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks
⚠️ Critical Alert
Why This Matters
Ransomware targeting Cisco highlights sector-specific risk — operational resilience planning is the real takeaway.
References
- Bank Info Security. (2026, March 18). Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks. Bank Info Security. https://www.bankinfosecurity.com/interlock-ransomware-exploited-cisco-firewall-flaw-for-weeks-a-31073