Security News > 2024 > March > Cisco warns of password-spraying attacks targeting VPN services
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN services configured on Cisco Secure Firewall devices.
The company says that the attacks have also been targeting other remote access VPN services and appear to be part of reconnaissance activity.
During a password-spraying attack, an adversary tries the same password with multiple accounts in an attempt to log in.
Cisco's mitigation guide lists indicators of compromise for this activity to help detect the attacks and block them.
' The connection is based on the particular targeting scope and attack patterns.
The attacks that Martin observed initially targeted SSLVPN appliances from Fortinet, Palo Alto, SonicWall, and Cisco but have now expanded to also include web apps that use Active Directory for authentication.
News URL
Related news
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Massive brute force attack uses 2.8 million IPs to target VPN devices (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)