Massive Brute Force Attack Uses 2.8 Million IPs to Target VPN Devices
Summary:
A large-scale brute force password attack is currently underway, using nearly 2.8 million IP addresses to target a variety of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall. Brute force attacks involve repeatedly trying different usernames and passwords until the correct combination is found, allowing attackers to hijack devices or gain access to organizational networks. According to the Shadowserver Foundation, this campaign has been ongoing since last month, with almost 2.8 million unique IP addresses being employed daily to conduct these attacks. The majority of these IP addresses are from Brazil (1.1 million), followed by Turkey (134.9k), Russia (132.9k), Argentina (98.9k), Morocco (86.1k), Mexico (71.9k), and other countries.
Security Officer Comments:
As mentioned above, the devices being targeted are primarily edge security appliances, including firewalls, VPNs, and gateways. These appliances are often exposed to the internet and, in some cases, may remain unpatched against known vulnerabilities, allowing attackers to exploit them for initial access to victim environments. The devices carrying out these attacks are primarily MikroTik, Huawei, Cisco, Boa, and ZTE routers, as well as IoT devices, which are often compromised by large malware botnets. Shadowserver noted that the attacking IP addresses are dispersed across many networks and Autonomous Systems, suggesting the involvement of a botnet or an operation linked to residential proxy networks.
Suggested Corrections:
Organizations should regularly patch vulnerabilities impacting edge security appliances, such as firewalls, VPNs, and gateways, while implementing strong, unique passwords and enabling multi-factor authentication wherever possible. Reducing internet exposure, implementing network segmentation, and securing remote access through VPNs are crucial steps in preventing potential intrusions. Furthermore, rate-limiting authentication attempts per source IP address or device, along with monitoring traffic for unusual patterns, can help identify brute force attempts early. Blocking suspicious IPs linked to botnets, securing IoT devices, and regularly reviewing device configurations and access logs can also be effective in minimizing the risk of device and network compromise.
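One way to turn the rate-limiting and log-monitoring advice above into a concrete check, as an added example that is not from the bulletin, Shadowserver, or any vendor: the log format, thresholds and addresses are constructed for illustration. It runs two sliding-window checks over failed logins; the second matters for a campaign like this one, because a source pool of millions of IPs can keep each address below any per-IP threshold while still hammering the same account.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (simplified syslog-like format, not from any real
# appliance): one line per authentication attempt on a VPN gateway.
SAMPLE_LOG = """\
2025-02-09T10:00:01Z vpn-gw auth-fail user=admin src=203.0.113.5
2025-02-09T10:00:02Z vpn-gw auth-fail user=admin src=203.0.113.5
2025-02-09T10:00:03Z vpn-gw auth-fail user=admin src=203.0.113.5
2025-02-09T10:00:04Z vpn-gw auth-fail user=admin src=203.0.113.5
2025-02-09T10:00:05Z vpn-gw auth-fail user=admin src=203.0.113.5
2025-02-09T10:00:10Z vpn-gw auth-fail user=admin src=198.51.100.1
2025-02-09T10:00:11Z vpn-gw auth-fail user=admin src=198.51.100.2
2025-02-09T10:00:12Z vpn-gw auth-fail user=admin src=198.51.100.3
2025-02-09T10:00:13Z vpn-gw auth-fail user=admin src=198.51.100.4
2025-02-09T10:00:14Z vpn-gw auth-fail user=admin src=198.51.100.5
2025-02-09T10:00:30Z vpn-gw auth-ok user=alice src=192.0.2.9
"""
LINE_RE = re.compile(r"^(\S+) \S+ (auth-fail|auth-ok) user=(\S+) src=(\S+)$")

def detect_bruteforce(log_text, window_s=60, per_ip_max=5, distinct_ip_max=5):
    """Sliding-window checks over failed logins (input must be time-ordered).
    noisy:   one source IP with >= per_ip_max failures inside the window.
    sprayed: one account failing from >= distinct_ip_max source IPs inside it."""
    window = timedelta(seconds=window_s)
    per_src = defaultdict(deque)   # src -> recent failure timestamps
    per_user = defaultdict(deque)  # user -> recent (timestamp, src) failures
    noisy, sprayed = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "auth-fail":
            continue  # skip unparseable lines and successful logins
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        user, src = m.group(3), m.group(4)
        q = per_src[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= per_ip_max:
            noisy.add(src)
        u = per_user[user]
        u.append((ts, src))
        while ts - u[0][0] > window:
            u.popleft()
        if len({s for _, s in u}) >= distinct_ip_max:
            sprayed.add(user)
    return noisy, sprayed
```

In the sample, only 203.0.113.5 trips the per-IP check, while the five 198.51.100.x addresses each fail once and are caught solely by the per-account check on `admin`.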
Link(s):
https://www.bleepingcomputer.com/ne...ck-uses-28-million-ips-to-target-vpn-devices/