17 April 2024

Cisco warns of large-scale brute-force attacks targeting VPNs, SSH services



Cisco’s threat intelligence unit is warning of a surge in brute-force attacks targeting various services, including Virtual Private Networks (VPNs), web application authentication interfaces, and SSH services. The malicious activity has been on the rise since at least March 18, 2024.

According to Cisco Talos, the attacks come from TOR exit nodes and other anonymizing tunnels and proxies.

According to the advisory, the affected services include Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, and SonicWall VPN. Additionally, web services like RD Web Services, Mikrotik, Draytek, and Ubiquiti have also been targeted by the observed brute-force attempts.

These attacks involve the use of both generic usernames and valid usernames associated with specific organizations. The nature of the targeting suggests that attackers are opportunistic and are not focused on any particular region or industry.

The consequences of a successful attack can range from unauthorized network access and account lockouts to denial-of-service conditions. Notably, the volume of traffic related to these attacks has been steadily increasing and is predicted to continue rising in the foreseeable future.

The source IP addresses associated with this malicious activity commonly originate from proxy services such as TOR, VPN Gate, IPIDEA Proxy, BigMama Proxy, Space Proxies, Nexus Proxy, and Proxy Rack.
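For defenders, the pattern described above (many usernames tried per source, and the same valid username hit from many proxy addresses) can be surfaced from authentication logs. The following is an added example, not code from Cisco Talos or the original article; the log lines, IP addresses, thresholds and the anonymizer list are constructed for illustration, and the sshd "Failed password" format is assumed.

```python
import re
from collections import defaultdict

# Constructed sshd log lines using documentation IP ranges; not real data.
SAMPLE_LOG = """\
Apr 17 10:00:01 gw sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Apr 17 10:00:03 gw sshd[102]: Failed password for invalid user test from 203.0.113.7 port 40002 ssh2
Apr 17 10:00:05 gw sshd[103]: Failed password for invalid user guest from 203.0.113.7 port 40003 ssh2
Apr 17 10:00:07 gw sshd[104]: Failed password for jsmith from 203.0.113.7 port 40004 ssh2
Apr 17 10:01:10 gw sshd[105]: Failed password for jsmith from 198.51.100.20 port 51000 ssh2
Apr 17 10:02:15 gw sshd[106]: Failed password for jsmith from 198.51.100.21 port 51001 ssh2
Apr 17 10:05:00 gw sshd[107]: Failed password for alice from 192.0.2.50 port 60000 ssh2
Apr 17 10:05:20 gw sshd[108]: Accepted password for alice from 192.0.2.50 port 60001 ssh2
"""

# Constructed stand-in for a Tor exit / proxy address feed (assumption).
ANONYMIZER_IPS = frozenset({"198.51.100.20", "198.51.100.21"})

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def detect(log_text, anonymizer_ips=frozenset(), min_users=3, min_sources=3):
    """Summarize failed logins in two views.

    spraying_sources: one source trying many distinct usernames.
    targeted_users:   one username failing from many distinct sources, which a
                      per-IP threshold misses when attempts are spread across
                      proxies, and which can lock the account out.
    """
    users_by_ip = defaultdict(set)
    ips_by_user = defaultdict(set)
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            user, ip = match.groups()
            users_by_ip[ip].add(user)
            ips_by_user[user].add(ip)
    return {
        "spraying_sources": {ip: sorted(users) for ip, users in users_by_ip.items()
                             if len(users) >= min_users},
        "targeted_users": {user: sorted(ips) for user, ips in ips_by_user.items()
                           if len(ips) >= min_sources},
        "anonymizer_sources": sorted(ip for ip in users_by_ip if ip in anonymizer_ips),
    }


if __name__ == "__main__":
    for view, hits in detect(SAMPLE_LOG, ANONYMIZER_IPS).items():
        print(view, hits)
```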

