Security News > 2024 > April > Cisco warns of large-scale brute-force attacks against VPN services
Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide.
The researchers say the attacks started on March 18, 2024, while all attacks originate from TOR exit nodes and various other anonymization tools and proxies, which the threat actors use to evade blocks.
"Depending on the target environment, successful attacks of this type may lead to unauthorized network access, account lockouts, or denial-of-service conditions," warns the Cisco Talos report.
The Talos team has shared a complete list of indicators of compromise for this activity on GitHub, including the attackers' IP addresses for inclusion in blocklists and the list of usernames and passwords used in the brute force attacks.
In late March 2024, Cisco warned about a wave of password-spraying attacks targeting Remote Access VPN services configured on Cisco Secure Firewall devices.
Cisco warns of password-spraying attacks targeting VPN services.
News URL
Related news
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- New Cisco ASA and FTD features block VPN brute-force password attacks (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Fortinet VPN design flaw hides successful brute-force attacks (source)