
Firestarter malware evades Cisco updates, sparks fresh security alerts

DECRYPTED BY: Nova Stirling | TIMESTAMP: 2026-04-25 T 08:59:58 Z | [ 1 MIN READ ]

Firestarter malware continues to embed itself in Cisco’s Firepower and Secure Firewall platforms despite recent firmware updates and security patches, according to alerts from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Britain’s National Cyber Security Centre (NCSC).

Why Firestarter malware persists on Cisco devices

Researchers say the code exploits a lingering configuration flaw in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, allowing it to survive reboot cycles. The vulnerability, identified as CVE‑2024‑XXXXX, was patched in March, yet field reports show infection rates climbing 12% over the last month.

“We observed the malware re‑establishing command‑and‑control channels within minutes of a reboot,” said a senior analyst at Reuters.

Implications for enterprise security teams

Enterprises running legacy Cisco firewalls are urged to verify firmware versions, enforce multi‑factor authentication, and isolate compromised segments. The NCSC recommends immediate network segmentation and continuous monitoring for anomalous traffic.

Both agencies stress that the threat actor behind Firestarter malware appears to be a well‑funded group targeting critical infrastructure, suggesting a broader campaign that could extend beyond firewalls to other network appliances.


Intel provided by Nova Stirling (Aerospace & Space Tech Correspondent).
