Security News > 2024 > April > Cisco warns of large-scale brute-force attacks against VPN services

Cisco warns of large-scale brute-force attacks against VPN services
2024-04-16 16:11

Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide.

The researchers say the attacks started on March 18, 2024, while all attacks originate from TOR exit nodes and various other anonymization tools and proxies, which the threat actors use to evade blocks.

"Depending on the target environment, successful attacks of this type may lead to unauthorized network access, account lockouts, or denial-of-service conditions," warns the Cisco Talos report.

The Talos team has shared a complete list of indicators of compromise for this activity on GitHub, including the attackers' IP addresses for inclusion in blocklists and the list of usernames and passwords used in the brute force attacks.

In late March 2024, Cisco warned about a wave of password-spraying attacks targeting Remote Access VPN services configured on Cisco Secure Firewall devices.

Cisco warns of password-spraying attacks targeting VPN services.


News URL

https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751