Security News > 2024 > March > Cisco warns of password-spraying attacks targeting VPN services
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN services configured on Cisco Secure Firewall devices.
The company says that the attacks have also been targeting other remote access VPN services and appear to be part of reconnaissance activity.
During a password-spraying attack, an adversary tries the same password with multiple accounts in an attempt to log in.
Cisco's mitigation guide lists indicators of compromise for this activity to help detect the attacks and block them.
' The connection is based on the particular targeting scope and attack patterns.
The attacks that Martin observed initially targeted SSLVPN appliances from Fortinet, Palo Alto, SonicWall, and Cisco but have now expanded to also include web apps that use Active Directory for authentication.
News URL
Related news
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- New Cisco ASA and FTD features block VPN brute-force password attacks (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Fortinet VPN design flaw hides successful brute-force attacks (source)