Cisco Sounds Alarm on Global Rise in Brute-Force Attacks Targeting VPN and SSH Services

April 17, 2024

Cisco has raised an alarm about a significant rise in brute-force attacks globally since March 18, 2024. These attacks are focused on various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services. According to Cisco Talos, these attacks seem to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies.

Successful attacks could lead to unauthorized access to networks, account lockouts, or even denial-of-service conditions, warns the cybersecurity firm. The attacks are broad and opportunistic, targeting a wide range of sectors across different geographical locations. The brute-force attempts use both generic usernames and valid usernames specific to particular organizations.

The source IP addresses for the traffic are commonly associated with proxy services such as TOR, VPN Gate, IPIDEA Proxy, BigMama Proxy, Space Proxies, Nexus Proxy, and Proxy Rack, among others. The full list of indicators linked with the activity, including the IP addresses and the usernames/passwords, can be accessed here.
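Because the attempts described above are spread across many proxy addresses, each source can stay under a per-IP failure threshold while the total volume is high. The following detection logic is an added example, not code from Cisco or the original article; it assumes OpenSSH-style syslog lines, and the sample log, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed OpenSSH-style log lines (documentation-range IPs), not data from the report.
SAMPLE_LOG = """\
Apr 17 10:00:01 gw sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Apr 17 10:01:12 gw sshd[1002]: Failed password for invalid user test from 198.51.100.7 port 51234 ssh2
Apr 17 10:02:30 gw sshd[1003]: Failed password for jsmith from 203.0.113.44 port 33410 ssh2
Apr 17 10:03:05 gw sshd[1004]: Failed password for jsmith from 192.0.2.77 port 42001 ssh2
Apr 17 10:04:40 gw sshd[1005]: Failed password for invalid user backup from 198.51.100.7 port 51240 ssh2
Apr 17 10:05:00 gw sshd[1006]: Accepted password for alice from 192.0.2.200 port 50000 ssh2
Apr 17 10:31:09 gw sshd[1010]: Failed password for alice from 192.0.2.200 port 50011 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse_failures(text, year=2024):
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"], m["invalid"] is not None

def detect_distributed(text, window=timedelta(minutes=10), min_ips=3, max_per_ip=2):
    """Flag windows where >= min_ips sources each fail <= max_per_ip times."""
    buckets = defaultdict(list)
    for ts, user, ip, invalid in parse_failures(text):
        start = datetime.min + ((ts - datetime.min) // window) * window
        buckets[start].append((user, ip, invalid))
    alerts = []
    for start, events in sorted(buckets.items()):
        per_ip = Counter(ip for _, ip, _ in events)
        quiet = {ip for ip, n in per_ip.items() if n <= max_per_ip}
        if len(quiet) >= min_ips:
            hits = [(u, inv) for u, ip, inv in events if ip in quiet]
            alerts.append({
                "window_start": start,
                "sources": len(quiet),
                "valid_users": sorted({u for u, inv in hits if not inv}),
                "invalid_users": sorted({u for u, inv in hits if inv}),
            })
    return alerts

if __name__ == "__main__":
    print(detect_distributed(SAMPLE_LOG))
```

The `valid_users` list separates existing accounts, which face lockout or compromise, from the generic names sshd reports as `invalid user`.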

This development comes as Cisco, a major networking equipment manufacturer, warned of password spray attacks targeting remote access VPN services as part of what it described as 'reconnaissance efforts.' It also follows a report from Fortinet FortiGuard Labs that threat actors are still exploiting a now-patched security flaw affecting TP-Link Archer AX21 routers (CVE-2023-1389, CVSS score: 8.8) to deliver DDoS botnet malware families like AGoent, Condi, Gafgyt, Mirai, Miori, and MooBot.

'As usual, botnets relentlessly target IoT vulnerabilities, continuously attempting to exploit them,' security researchers Cara Lin and Vincent Li said. 'Users should be vigilant against DDoS botnets and promptly apply patches to safeguard their network environments from infection, preventing them from becoming bots for malicious threat actors.'
