Large Scale Brute Force Attacks Disrupt SSH and VPN Services

A cybersecurity team from Cisco has warned of large-scale credential brute force attacks affecting VPN and SSH services globally. Learn about the nature of the threat and its implications for web users.

April 17, 2024

Strengthening Data Defense: Insights From Recent Brute Force Attacks
  • Security researchers from Cisco Talos have warned of large-scale credential brute-force cyber attacks being conducted against SSH, VPN, and web application services worldwide.
  • The attacks have disrupted several organizations through account lockouts, unauthorized network access, and denial of service.

Cisco Talos has released a threat advisory that warns organizations about large-scale brute-force cyber attacks targeting SSH, VPN, and web application services worldwide. According to the report, these attacks started around March 18th, and threat actors were using approximately 4,000 IP addresses to carry out the attacks.

These brute-force attacks use trial-and-error and password-spraying strategies, entering random login credentials in an attempt to access accounts. With prior reconnaissance, the attacks become more accurate and can target thousands of accounts simultaneously. Cisco Talos has recommended that organizations block the list of suspect IP addresses and the 2000 usernames and passwords that have been observed in these attacks.

According to the report, the attacks originated from proxy services such as TOR, Proxy Rack, VPN Gate, Nexus Proxy, and IPIDEA Proxy, which make the source untraceable. The attacks affected several services, including Cisco Secure Firewall VPN, Fortinet VPN, Checkpoint VPN, RD Web Services, SonicWall VPN, Draytek, Mikrotik, and Ubiquiti. The attacks have resulted in denial of service, account lockouts, and illegitimate network access.

While the list of IP addresses used in the attacks is expected to change, measures such as securing VPN profiles and blocking connections from malicious sites will help limit the effect on further services in the near future. Talos has also recommended that organizations set up logging and configure the "no logging hide username" command so that fraudulent user login attempts can be identified.
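The following Python example, added here and not taken from the Talos advisory, shows how logged usernames let a defender spot both patterns described in this article: one source trying many usernames (password spraying) and one account hit from many sources (attempts spread across proxies). It assumes OpenSSH-style "Failed password" log lines; the sample log, the thresholds and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSH failed-login line; "invalid user" appears when the account does not exist.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines (documentation IP ranges), not taken from the advisory.
SAMPLE_LOG = """\
Apr 17 10:00:01 gw sshd[101]: Failed password for invalid user admin from 203.0.113.10 port 40001 ssh2
Apr 17 10:00:03 gw sshd[102]: Failed password for invalid user test from 203.0.113.10 port 40002 ssh2
Apr 17 10:00:05 gw sshd[103]: Failed password for root from 203.0.113.10 port 40003 ssh2
Apr 17 10:00:09 gw sshd[104]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Apr 17 10:00:12 gw sshd[105]: Failed password for alice from 198.51.100.8 port 51001 ssh2
Apr 17 10:00:15 gw sshd[106]: Failed password for alice from 192.0.2.44 port 51002 ssh2
Apr 17 10:01:00 gw sshd[107]: Accepted password for bob from 192.0.2.50 port 52000 ssh2
Apr 17 10:02:00 gw sshd[108]: Failed password for bob from 192.0.2.50 port 52001 ssh2
"""

def analyze(log_text, min_users_per_ip=3, min_ips_per_user=3):
    """Return (spraying_ips, distributed_targets) from sshd failed-login lines."""
    users_by_ip = defaultdict(set)   # source IP -> usernames it tried
    ips_by_user = defaultdict(set)   # username  -> source IPs that tried it
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        users_by_ip[m["ip"]].add(m["user"])
        ips_by_user[m["user"]].add(m["ip"])
    # One source cycling through many usernames: password spraying.
    spraying = {ip: sorted(u) for ip, u in users_by_ip.items()
                if len(u) >= min_users_per_ip}
    # One account hit from many sources: brute force spread across proxies,
    # which per-IP rate limits miss and which drives account lockouts.
    targeted = {user: sorted(i) for user, i in ips_by_user.items()
                if len(i) >= min_ips_per_user}
    return spraying, targeted

if __name__ == "__main__":
    spraying, targeted = analyze(SAMPLE_LOG)
    for ip, users in spraying.items():
        print(f"possible spraying from {ip}: tried {users}")
    for user, ips in targeted.items():
        print(f"account {user} targeted from {len(ips)} sources: {ips}")
```

If usernames are hidden in the logs, both groupings collapse, which is why the advisory's logging recommendation matters for this kind of review.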

Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.