Security News > 2024 > April > Cisco warns of large-scale brute-force attacks against VPN services
Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide.
The researchers say the attacks started on March 18, 2024, while all attacks originate from TOR exit nodes and various other anonymization tools and proxies, which the threat actors use to evade blocks.
"Depending on the target environment, successful attacks of this type may lead to unauthorized network access, account lockouts, or denial-of-service conditions," warns the Cisco Talos report.
The Talos team has shared a complete list of indicators of compromise for this activity on GitHub, including the attackers' IP addresses for inclusion in blocklists and the list of usernames and passwords used in the brute force attacks.
In late March 2024, Cisco warned about a wave of password-spraying attacks targeting Remote Access VPN services configured on Cisco Secure Firewall devices.
Cisco warns of password-spraying attacks targeting VPN services.
News URL
Related news
- Cisco warns of password-spraying attacks targeting VPN services (source)
- Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services (source)
- Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client (source)
- Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack (source)