A large-scale brute force password attack is currently underway against a variety of internet-facing networking devices, including VPNs, firewalls, and security gateways. Almost 2.8 million source IP addresses are being used to guess login credentials on systems from major vendors such as Palo Alto Networks, Ivanti, and SonicWall. According to The Shadowserver Foundation, a non-profit security organization that tracks malicious internet activity, the attack has been ongoing for weeks and is intensifying.
Details of the Attack
The brute force attack is launched from nearly 2.8 million source IP addresses every day. More than 1.1 million of these addresses are located in Brazil, with further large contributions from Turkey, Russia, Argentina, Morocco, and Mexico, which shows how widely the attacking infrastructure is spread. The attackers concentrate on edge security devices, such as VPNs, firewalls, and network gateways, which organizations expose to the internet to provide remote access and which therefore have to accept login attempts from anywhere.
Compromised Devices Behind the Attack
Cybercriminals are mounting the attack from compromised MikroTik, Huawei, Cisco, and ZTE routers and IoT devices, as well as from devices running the Boa embedded web server. Such devices are a common target for malware botnets; once hijacked, attackers use them as launch points for further attacks, such as credential stuffing and brute force attempts against other organizations' systems.
The Role of Residential Proxies
The Shadowserver Foundation believes a botnet or a residential proxy network may be behind the attack. Residential proxies route traffic through IP addresses that Internet Service Providers (ISPs) assign to ordinary consumers, so the login attempts appear to come from home users rather than from a data centre. This makes the attack harder to detect and block: reputation-based filtering is less effective against such addresses, and blocking them outright risks cutting off legitimate users. For the attackers, these proxies serve as high-quality exit nodes that help their traffic look legitimate. Because each proxy address typically makes only a handful of attempts, a per-source failure threshold will rarely fire; detection has to aggregate failed logins per targeted account or device across all sources.
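The following script is an added example, not code from the article or from Shadowserver, illustrating why a distributed, proxy-backed brute force campaign slips past per-IP thresholds. It parses constructed, syslog-like failed-login lines (invented device names, users, and TEST-NET addresses; the `auth: login failed user=... src=...` format is an assumption, not any vendor's real log format) and compares a classic per-source counter with a sliding-window count of distinct sources per targeted account.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a generic syslog-like format. Device names, users and
# addresses are invented for this example (TEST-NET ranges); they are not real logs.
_DISTRIBUTED = [
    # one "admin" account on one VPN gateway, hit twice from each of 8 different sources
    f"2025-02-10T03:{14 + i:02d}:{sec:02d} edge-vpn-1 auth: login failed user=admin src=203.0.113.{10 + i}"
    for i in range(8)
    for sec in (0, 30)
]
_NOISY = [
    # a single source hammering one account: the classic, easy-to-spot pattern
    f"2025-02-10T03:{20 + i:02d}:00 edge-fw-2 auth: login failed user=svc-backup src=198.51.100.7"
    for i in range(6)
]
_BENIGN = ["2025-02-10T03:30:00 edge-vpn-1 auth: login failed user=alice src=192.0.2.44"]
SAMPLE_LOG = "\n".join(_DISTRIBUTED + _NOISY + _BENIGN)

# Assumed line format: ISO timestamp, device name, then the failure message.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) auth: login failed user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_failures(text):
    """Turn raw log text into a list of failed-login events; unmatched lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "device": m["device"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def noisy_sources(events, threshold=5):
    """Per-source rule: any IP with at least `threshold` failures. Catches a single
    loud attacker but misses a botnet where every address tries only a few times."""
    counts = defaultdict(int)
    for e in events:
        counts[e["src"]] += 1
    return {src for src, n in counts.items() if n >= threshold}


def distributed_targets(events, min_sources=6, window=timedelta(minutes=10)):
    """Per-target rule: for each (device, user) pair, the peak number of distinct
    source IPs seen inside any sliding time window. Returns only pairs whose peak
    reaches `min_sources`, i.e. accounts under distributed attack."""
    by_target = defaultdict(list)
    for e in events:
        by_target[(e["device"], e["user"])].append(e)

    hits = {}
    for target, evs in by_target.items():
        evs.sort(key=lambda e: e["ts"])
        recent = deque()                 # events currently inside the window
        src_counts = defaultdict(int)    # distinct sources inside the window
        peak = 0
        for e in evs:
            recent.append(e)
            src_counts[e["src"]] += 1
            # drop events that fell out of the window ending at this event
            while recent and e["ts"] - recent[0]["ts"] > window:
                old = recent.popleft()
                src_counts[old["src"]] -= 1
                if src_counts[old["src"]] == 0:
                    del src_counts[old["src"]]
            peak = max(peak, len(src_counts))
        if peak >= min_sources:
            hits[target] = peak
    return hits


if __name__ == "__main__":
    evs = parse_failures(SAMPLE_LOG)
    print("noisy sources (per-IP rule):", noisy_sources(evs))
    print("distributed targets (per-account rule):", distributed_targets(evs))
```

On the constructed input the per-IP rule flags only `198.51.100.7`; every one of the eight `203.0.113.x` sources stays under its threshold with two attempts each, yet the per-account rule reports `admin` on `edge-vpn-1` with eight distinct sources in under ten minutes. The thresholds and window are starting points to tune against your own baseline of ordinary mistyped passwords.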
How to Protect Your Devices
Organizations should take the following steps to defend edge devices against brute force attacks:
- Change Default Admin Passwords: Replace every vendor default with a strong, unique password, and do so before the device is exposed to the internet.
- Enable Multi-Factor Authentication (MFA): With MFA in place, a guessed or leaked password alone is not enough to log in.
- Implement IP Allowlisting: Restrict management access, and VPN access where the user base allows it, to trusted source IP ranges and deny everything else by default.
- Disable Unnecessary Web Admin Interfaces: Turn off web management interfaces when they are not needed, and never expose them on internet-facing ports.
- Keep Firmware Up to Date: Apply vendor security patches and firmware updates promptly, so that a brute-forced password cannot be combined with a known vulnerability.
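As an added example of the allowlisting step, not code from the article or from any of the vendors named, the following Python checks a login source against a default-deny list of trusted management networks. The networks, hostnames and addresses are constructed (TEST-NET and documentation ranges); substitute the ranges your administrators actually connect from. It also covers two details that bite in practice: an allowlist entry of `/0` silently allows everyone, and an IPv4-mapped IPv6 address (`::ffff:a.b.c.d`) must be judged by the IPv4 address it carries.

```python
import ipaddress

# Constructed allowlist for this example: TEST-NET-1 and a documentation IPv6 prefix.
# Replace with the real networks your administrators connect from.
TRUSTED_MANAGEMENT_NETWORKS = ["192.0.2.0/24", "2001:db8:100::/48"]


def validate_allowlist(entries):
    """Parse allowlist entries and reject ones that would allow every address.
    A /0 (0.0.0.0/0 or ::/0) is not an allowlist; it is the absence of one.
    Entries with host bits set (192.0.2.5/24) raise ValueError from ip_network,
    which is the right outcome for a mistyped configuration."""
    networks = []
    for entry in entries:
        net = ipaddress.ip_network(entry)
        if net.prefixlen == 0:
            raise ValueError(f"allowlist entry {entry!r} matches every address")
        networks.append(net)
    return networks


def management_access_allowed(src, allowlist=TRUSTED_MANAGEMENT_NETWORKS):
    """Default-deny check of one source address against the trusted networks.
    Unparseable input is denied rather than raising, so a malformed header or
    log field can never fail open."""
    try:
        addr = ipaddress.ip_address(src.strip())
    except ValueError:
        return False
    # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d. Compare the embedded
    # IPv4 address, otherwise an IPv4 entry in the allowlist never matches them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    networks = validate_allowlist(allowlist)
    # An IPv4 address is never contained in an IPv6 network and vice versa, so a
    # mixed allowlist behaves correctly without special cases here.
    return any(addr in net for net in networks)


def filter_login_sources(sources, allowlist=TRUSTED_MANAGEMENT_NETWORKS):
    """Split candidate login sources into (allowed, denied) lists, preserving order."""
    allowed, denied = [], []
    for src in sources:
        (allowed if management_access_allowed(src, allowlist) else denied).append(src)
    return allowed, denied


if __name__ == "__main__":
    # Constructed sample sources: one trusted admin, one proxy-looking stranger,
    # the same admin over a dual-stack socket, and a garbage value.
    sample = ["192.0.2.15", "198.51.100.7", "::ffff:192.0.2.15", "not-an-ip"]
    allowed, denied = filter_login_sources(sample)
    print("allowed:", allowed)
    print("denied: ", denied)
```

The same check belongs on the device's management ACL or the upstream firewall rather than only in application code; the point of the example is the decision logic, especially the fail-closed handling of bad input and the refusal to accept a wildcard entry as an allowlist.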