1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Credential spraying from thousands of IP addresses are targeting

    From TechnologyDaily@1337:1/100 to All on Wed Apr 17 18:15:05 2024
    Credential spraying from thousands of IP addresses are targeting VPNs, Cisco warns

    Date:
    Wed, 17 Apr 2024 18:09:26 +0000

    Description:
    Someone's targeting all sorts of VPNs with hundreds of passwords, Cisco experts warn.

    FULL STORY ======================================================================

    For a month now, hackers have been mounting a large-scale credential stuffing attack against multiple Virtual Private Network ( VPN ) instances around the world. At the moment, its hard to say who is behind the attack, or what the motives are, but researchers have some clues.

    As reported by Ars Technica , Ciscos Talos security team recently warned of
    an ongoing campaign in which attackers keep trying more than 2,000 usernames and some 100 passwords against different VPNs. Some of the products in the attackers crosshairs include Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, SonicWall VPN, RD Web Services, Mikrotik, Draytek, and
    Ubiquiti, however others could be targeted, as well.

    The victims are scattered all over the world, and operate in various verticals, prompting the researchers to conclude that the attackers dont have a preferred target, but are rather casting as wide of a net as possible. Growing in strength

    Depending on the target environment, successful attacks of this type may lead to unauthorized network access, account lockouts, or denial-of-service conditions, the researchers said in their report. The traffic related to
    these attacks has increased with time and is likely to continue to rise.

    While the evidence is inconclusive, the researchers believe this could be the work of the same threat actor that targeted Cisco a few weeks back. They are basing this assumption on the facts that there are technical overlaps in how the attacks were conducted, and that in both instances, the same infrastructure was used. In the Cisco campaign, the goal was reconnaissance, so the speculation is that its the same this time around.

    The IP addresses found from the previous attack were already added to Ciscos block list for its VPN, and organizations worried about these attacks are advised to do the same, for any third-party VPN they have deployed. More from TechRadar Pro Cisco alerts users to password-spraying attacks targeting VPN services Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/credential-spraying-from-thousands-of-i p-addresses-are-targeting-vpns-cisco-warns


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)