Sunday, May 19, 2024

Cisco Warns Of Massive Brute-Force Attacks Targeting VPNs & SSH Services

Hackers use brute-force attacks since it is an uncomplicated technique to break passwords or get into systems without permission. 

By systematically trying various combinations of usernames and passwords, attackers can exploit weak credentials.

Brute-force attacks are automated and scalable, enabling hackers to compromise multiple accounts or systems in a relatively short time.

Cybersecurity researchers at Cisco recently warned of massive brute-force attacks targeting VPNs and SSH services.

Cisco: Massive Brute-Force Attacks

Cisco Talos appreciates the contributions of Brandon White, Phillip Schafer, Mike Moran, and Becca Lynch for identifying a worldwide increase in brute force attacks on VPNs, web authentication portals, and SSH services since at least March 18th, 2024.

Free Live Webinarfor DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors - Register Here

All these attacks originate behind TOR exit nodes and other anonymizing proxies and tunnels.

However, due to this reason, Cisco Talos is currently observing this widespread campaign.

These brute force attacks, which depend on the targeted environment, may result in unauthorized network access, account lockouts, and denial-of-service conditions. 

Traffic volumes associated with this campaign have steadily increased since March, and this trend will probably continue.

This campaign affects other services as well; however, certain services have been identified as being affected.

Here below, we have mentioned all the services that are affected:-

  • Cisco Secure Firewall VPN 
  • Checkpoint VPN  
  • Fortinet VPN  
  • SonicWall VPN  
  • RD Web Services 
  • Miktrotik 
  • Draytek 
  • Ubiquiti 

Besides this, brute-force attempts leveraged both generic and organization-specific valid usernames. 

The targeting appears indiscriminate and does not focus on any particular region or industry.

The traffic sources are commonly proxy services, including but not limited to those listed below:-

  • TOR   
  • VPN Gate  
  • IPIDEA Proxy  
  • BigMama Proxy  
  • Space Proxies  
  • Nexus Proxy  
  • Proxy Rack

The given proxy services are employed as non-exclusive sources of traffic, whereas the attackers may use other ones. 

Talos has blacklisted known associated IP addresses due to an enormous traffic surge, although source IPs will probably be changed. 

Mitigation steps vary depending on the affected VPN solution, as these brute-force attacks aim at different types of VPN, web authentication portals, and SSH services.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.

Website

Latest articles

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make...

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles