A large-scale brute force attack is underway, using nearly 2.8 million IP addresses daily to target networking devices from Palo Alto Networks, Ivanti, and SonicWall. Cyber criminals are attempting to guess login credentials to gain unauthorised access to firewalls, VPNs, and security gateways, putting businesses and individuals at serious risk.

A brute force attack involves repeatedly attempting different username and password combinations until the correct credentials are found. Once attackers gain access, they can hijack devices, infiltrate networks, and deploy further cyber threats such as malware or ransomware.

According to cyber security experts at The Shadowserver Foundation, this attack has been active for over a month, originating from a wide range of countries, with the largest volume of malicious traffic coming from Brazil, Turkey, Russia, Argentina, Morocco, and Mexico.

The attack primarily targets edge security devices, which are often exposed to the internet for remote access. The compromised devices being used to conduct these attacks include routers and IoT devices from:

  • MikroTik
  • Huawei
  • Cisco
  • Boa
  • ZTE

These devices are commonly exploited by large malware botnets, allowing attackers to launch cyber attacks at scale.

Security experts believe that these brute force attempts are being executed by a botnet or residential proxy network. These networks hijack compromised devices to disguise cyber criminal activity. By routing malicious traffic through home and business internet connections, attackers can bypass security filters and make their traffic appear legitimate, making it harder to detect.

Why This Threat is Serious

Organisations whose devices are compromised may unintentionally become part of a cyber criminal network, helping to facilitate fraud, data breaches, and cyber espionage. Since enterprise networks have strong reputations, attacks routed through them can evade security measures, making detection and prevention much more difficult.

How to Protect Your Network

To safeguard against brute force attacks, immediate action is required. Follow these security best practices:

  • Change default admin passwords to strong, unique credentials.
  • Enable Multi-Factor Authentication (MFA) for all accounts.
  • Restrict access by implementing an allowlist of trusted IP addresses.
  • Disable remote web admin interfaces if not required.
  • Regularly apply firmware updates and security patches to close known vulnerabilities.
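
A defender-side illustration of the two points above that matter most against this campaign, added here as an example rather than code from the original article or from any of the vendors' products: a proxy network that spreads guesses across many source addresses stays under a per-IP failure threshold, so failures must also be counted per target account, and a successful login from outside the management allowlist is itself a finding. The log format, the `ALLOWLIST` range and the thresholds are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample auth-log lines in a generic syslog-like form; they are not
# output from any real Palo Alto, Ivanti or SonicWall device.
SAMPLE_LOG = """\
2025-02-08T10:00:01Z gw auth: FAILED user=admin src=203.0.113.10
2025-02-08T10:00:05Z gw auth: FAILED user=admin src=198.51.100.7
2025-02-08T10:00:09Z gw auth: FAILED user=admin src=203.0.113.44
2025-02-08T10:00:14Z gw auth: FAILED user=admin src=198.51.100.91
2025-02-08T10:00:20Z gw auth: FAILED user=admin src=203.0.113.200
2025-02-08T10:00:31Z gw auth: FAILED user=admin src=198.51.100.3
2025-02-08T10:00:40Z gw auth: OK user=admin src=203.0.113.200
2025-02-08T10:01:02Z gw auth: OK user=alice src=192.0.2.15
2025-02-08T10:01:30Z gw auth: FAILED user=alice src=192.0.2.15
"""

LINE_RE = re.compile(r"auth: (?P<result>FAILED|OK) user=(?P<user>\S+) src=(?P<src>\S+)")

# Assumed management allowlist; the article recommends one but names no ranges.
ALLOWLIST = [ip_network("192.0.2.0/24")]


def parse(log):
    """Yield (result, user, src) for every line that matches the assumed format."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("src")


def is_allowed(src):
    return any(ip_address(src) in net for net in ALLOWLIST)


def analyse(log, per_ip_limit=5, per_user_limit=5, min_sources=3):
    """Count failures per source IP and per target account; flag accounts hit
    from many distinct sources, and successful logins from non-allowlisted IPs."""
    fails_by_ip = defaultdict(int)
    fails_by_user = defaultdict(int)
    sources_by_user = defaultdict(set)
    findings = {"noisy_ips": [], "distributed_users": [], "success_outside_allowlist": []}
    for result, user, src in parse(log):
        if result == "FAILED":
            fails_by_ip[src] += 1
            fails_by_user[user] += 1
            sources_by_user[user].add(src)
        elif not is_allowed(src):
            findings["success_outside_allowlist"].append((user, src))
    findings["noisy_ips"] = sorted(ip for ip, n in fails_by_ip.items() if n >= per_ip_limit)
    findings["distributed_users"] = sorted(
        u for u, n in fails_by_user.items()
        if n >= per_user_limit and len(sources_by_user[u]) >= min_sources)
    return findings


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the sample data no single IP crosses the per-IP limit, yet the `admin` account is flagged because six different sources failed against it, and the later success from one of those sources is reported as outside the allowlist.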

For more detailed information, you can refer to the following publications: