Cisco warns of large-scale brute-force attacks against VPN services
BleepingComputer
|
Summary
Cisco has issued a warning about an extensive brute-force attack campaign targeting VPN and SSH services across multiple device platforms including Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti. Initiated on March 18, 2024, these attacks utilize a combination of legitimate and generic employee usernames, employing anonymization tools such as TOR and various proxies to avoid detection. The assailants attempt to crack device or network access credentials which may lead to unauthorized access, account lockouts, or denial-of-service scenarios. Cisco Talos has also shared indicators of compromise on GitHub, which includes attacker IP addresses and the usernames/passwords used, to help mitigate this threat.
