There brute-force password attack is underway, using nearly 2.8 million IP addresses to obtain the login credentials of various VPN devices.
According to monitoring platform The Shadowserver Foundation, nearly 2.8 million IP addresses are currently being used to hack devices via a brute-force password attack. These include devices from Palo Alto Networks, Ivanti and SonicWall.
Large-scale attack
Through a brute-force attack, hackers try to log into an account or device by using many different usernames and passwords. They continue until the right combination is found. This allows them to take over the device or gain access to the network.
Most IP addresses (1.1 million) are from Brazil, followed by Turkey, Russia, Argentina, Morocco and Mexico. The hackers’ targets are “edge security devices,” such as firewalls and VPNs. These are often connected to the Internet to allow employees to work remotely. The devices carrying out the attacks are mostly routers and IoT apps from Huawei, Cisco and CTE.
To protect these devices, it is recommended to replace default admin passwords, set up multi-factor authentication (MFA) and install the latest security updates.