Security News > 2024 > March > Cisco warns of password-spraying attacks targeting VPN services
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN services configured on Cisco Secure Firewall devices.
The company says that the attacks have also been targeting other remote access VPN services and appear to be part of reconnaissance activity.
During a password-spraying attack, an adversary tries the same password with multiple accounts in an attempt to log in.
Cisco's mitigation guide lists indicators of compromise for this activity to help detect the attacks and block them.
' The connection is based on the particular targeting scope and attack patterns.
The attacks that Martin observed initially targeted SSLVPN appliances from Fortinet, Palo Alto, SonicWall, and Cisco but have now expanded to also include web apps that use Active Directory for authentication.
News URL
Related news
- Cisco warns of CSLU backdoor admin account used in attacks (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- SonicWall SMA VPN devices targeted in attacks since January (source)
- SonicWall warns of more VPN flaws exploited in attacks (source)
- SonicWall urges admins to patch VPN flaw exploited in attacks (source)