Identity, Vulnerability Management, Network Security

VPN, SSH services targeted by widespread brute-force attack campaign

close up on man hand type password on keyboard computer desktop to access VPN mode

Numerous VPN and SSH services, including Cisco Secure Firewall VPN, SonicWall VPN, Fortinet VPN, Check Point VPN, Miktrotik, Ubiquiti, and RD Web Services, have been subjected to a far-reaching brute-force attack campaign since March 18, reports BleepingComputer.

Intrusions part of the campaign, which were conducted through TOR, Proxy Rack, BigMama Proxy, IPIDEA Proxy, and other services, involved both valid and generic employee credentials, a report from Cisco Talos revealed.

"Depending on the target environment, successful attacks of this type may lead to unauthorized network access, account lockouts, or denial-of-service conditions. The traffic related to these attacks has increased with time and is likely to continue to rise," said researchers.

Such a development comes weeks after several remote access VPN services on Cisco Secure Firewall devices were reported by Cisco to have been targeted with password-spraying attacks associated with the Brutus malware botnet. Cisco is yet to confirm any link between both incidents.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.