Security News > 2024 > March > Cisco warns of password-spraying attacks targeting VPN services
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN services configured on Cisco Secure Firewall devices.
The company says that the attacks have also been targeting other remote access VPN services and appear to be part of reconnaissance activity.
During a password-spraying attack, an adversary tries the same password with multiple accounts in an attempt to log in.
Cisco's mitigation guide lists indicators of compromise for this activity to help detect the attacks and block them.
' The connection is based on the particular targeting scope and attack patterns.
The attacks that Martin observed initially targeted SSLVPN appliances from Fortinet, Palo Alto, SonicWall, and Cisco but have now expanded to also include web apps that use Active Directory for authentication.
News URL
Related news
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Cisco warns of CSLU backdoor admin account used in attacks (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)