Massive Brute Force Attack Uses 2.8 Million IPs to Target VPN Devices

What You Need to Know

A large-scale brute force password attack is underway, using nearly 2.8 million IP addresses to guess credentials for networking devices from Palo Alto Networks, Ivanti, and SonicWall.

What is a Brute Force Attack?

A brute force attack involves repeatedly trying different usernames and passwords to gain access to an account or device. Once successful, threat actors can hijack the device or network.

The Scale of the Attack

The Shadowserver Foundation reports that this attack has been ongoing for a month, using about 2.8 million IPs daily, mainly from Brazil, Turkey, Russia, Argentina, Morocco, and Mexico. The compromised devices are mostly MikroTik, Huawei, Cisco, Boa, and ZTE routers and IoT devices.

The Impact on Security Devices

These attacks target edge security devices like firewalls, VPNs, and gateways, often exposed to the internet. The attacking IPs are likely part of a botnet or residential proxy networks, which are frequently used in cybercrime.

Protecting Your Devices

To protect against brute-force attacks:

• Use a strong, unique admin password.
• Implement multi-factor authentication (MFA).
• Maintain an allowlist of trusted IPs.

Enhancing Security with CIS FireSense FaaS

CIS FireSense FaaS allows us to configure GeoIP WAN blocking on Open Ports, such as Remote Access VPN Services, enhancing security and increasing uptime.

To find out more, please get in touch via our contact page or connect with CLICK HERE -Phil Saville on LinkedIn to see how we help other organisations.