
Warning of Global Increase in Brute-Force Attacks Against VPNs

In recent weeks there has been an increase in brute-force attacks aimed at Virtual Private Network (VPN) services and web application authentication interfaces. Cisco, a leading technology firm, has issued a warning about this trend, citing a significant uptick in malicious activity since at least March 18, 2024.

The attacks, believed to originate from TOR exit nodes and a variety of other anonymizing tunnels and proxies, pose a serious threat to cybersecurity. By leveraging commonly used login credentials and generic usernames, threat actors have been attempting to breach security defenses of various devices and services. Cisco listed affected VPN services such as Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, and SonicWall VPN, among others.

In a recent Cyber Security Tribe report, Dr. Luis O. Noguerol explores the contradictions of VPN security. The report reveals the vulnerabilities and risks of VPNs and offers a framework for mitigating these dangers.

An Increase in Brute-Force Attempts

According to Cisco's advisory, the brute-force attempts have escalated over time, leading to concerns of unauthorized network access, account lockouts, and potential denial-of-service (DoS) scenarios. The indiscriminate nature of these attacks suggests that they are not specifically targeted at any particular region or industry, raising fears of widespread vulnerability across digital infrastructure.

What sets these attacks apart is the utilization of proxy services, making it challenging to trace the origins of the malicious activity. Among the proxy services identified are TOR, VPN Gate, IPIDEA Proxy, BigMama Proxy, Space Proxies, Nexus Proxy, and Proxy Rack. However, Cisco emphasizes that the list is non-exhaustive, with the possibility of additional services being exploited by threat actors.

In response to the escalating threat, organizations are urged to remain vigilant and take proactive measures to safeguard their networks. Cisco provided a series of recommendations against password spray attacks impacting remote access VPN services and has added known associated IP addresses to its blocklist. However, it is crucial to recognize that the source IP addresses are likely to change as attackers adapt their tactics.
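Because the source addresses rotate through proxies, detection that keys on usernames rather than on IPs holds up better than a blocklist alone. The sketch below is an added example, not code from Cisco or from this article: it flags time windows in which failed logins hit many distinct usernames, whatever the source. The log layout, the five-minute window and the threshold of five usernames are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "ISO timestamp, source IP, username, result".
# IPs are from documentation ranges (RFC 5737); the field layout is an assumption.
SAMPLE_LOG = """\
2024-04-16T09:00:05 192.0.2.10 admin FAIL
2024-04-16T09:00:40 198.51.100.7 test FAIL
2024-04-16T09:01:15 203.0.113.21 guest FAIL
2024-04-16T09:02:02 192.0.2.44 backup FAIL
2024-04-16T09:02:30 198.51.100.90 vpnuser FAIL
2024-04-16T09:03:10 203.0.113.5 jsmith OK
2024-04-16T09:03:55 192.0.2.10 support FAIL
2024-04-16T09:30:00 203.0.113.5 jsmith FAIL
2024-04-16T09:30:20 203.0.113.5 jsmith OK
"""

def parse(log_text):
    """Yield (timestamp, ip, user, ok) tuples from the constructed format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash
        ts, ip, user, result = parts
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_spray(events, window=timedelta(minutes=5), min_users=5):
    """Flag windows where failures hit many distinct usernames, across any IPs."""
    buckets = defaultdict(lambda: {"users": set(), "ips": defaultdict(int)})
    for ts, ip, user, ok in events:
        if ok:
            continue
        # Tumbling window: round the timestamp down to the window start.
        start = datetime.min + (ts - datetime.min) // window * window
        buckets[start]["users"].add(user)
        buckets[start]["ips"][ip] += 1
    alerts = []
    for start, b in sorted(buckets.items()):
        if len(b["users"]) >= min_users:
            alerts.append({"window_start": start,
                           "distinct_users": len(b["users"]),
                           "distinct_ips": len(b["ips"]),
                           "max_failures_per_ip": max(b["ips"].values())})
    return alerts

if __name__ == "__main__":
    for alert in detect_spray(parse(SAMPLE_LOG)):
        print(alert)
```

In the sample, no single address fails more than twice, so a per-IP lockout or rate limit would stay silent while the window as a whole still trips the username-based check.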