Massive cyber attack in progress: 2.8 million IP addresses bombard the network peripherals around the world


A cyberattack is underway against a wide range of network devices, our colleagues at Bleeping Computer report. Since last month, peripheral security devices, such as firewalls and VPNs (Virtual Private Networks), have been subject to a wave of brute force attacks.

This type of cyberattack consists of trying multiple combinations of credentials until the right one is found. To test the combinations, cybercriminals use automated programs. This is according to data collected by a non-profit organization specializing in the fight against cybercrime, The Shadowserver Foundation.

The association has noted a "sharp increase in brute force web login attacks against peripheral devices" in recent weeks. The offensive, which has been going on for a long time, has seen a resurgence in activity. Among the hackers’ favorite targets are network devices from Palo Alto Networks, Ivanti, and SonicWall.

2.8 million IP addresses involved

The scale of the attack is particularly worrying. Connection attempts are coming from nearly 2.8 million IP addresses around the world, according to The Shadowserver Foundation. Most of the addresses come from Brazil, Turkey, Russia, Argentina, Morocco, and Mexico.

To orchestrate the attack, the hackers are mainly using devices compromised by a botnet, such as routers from MikroTik, Huawei, Cisco, Boa, and ZTE. These fell under the control of a malicious network following the deployment of malware. To achieve this, the malware usually exploits security vulnerabilities. This is why hackers most often target obsolete or end-of-life routers that lack security updates. Once under the hackers' control, routers can be used to bombard devices with connection attempts. The botnet is one of the key weapons in the cybercriminals' arsenal.

How do hackers avoid being blocked?

To avoid having their attempts blocked, hackers rely on residential proxy networks. These route traffic through IP addresses associated with real users who have subscribed to an Internet service provider. This trick allows them to fool the security mechanisms that are supposed to ensure that connection requests do not come from a robot or a network of compromised devices. Compared with traditional server-based proxies, these IP addresses are harder to detect and block.

He adds that “The ability to accurately identify whether a request is coming from a residential proxy is now critical to stopping large-scale attacks, such as credential stuffing and brute force campaigns, before they succeed.”
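The following added example (not from the article or from The Shadowserver Foundation) shows why a per-address failure limit misses a login campaign spread across many source addresses, while counting failures per targeted account still catches it. The event format, thresholds, function names, and sample data are assumptions constructed for illustration; the addresses come from documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window

def build_sample():
    """Constructed failed-login events: (timestamp, source_ip, username)."""
    base = datetime(2025, 1, 1, 12, 0, 0)
    # 40 guesses at "admin", each from a different address, 5 seconds apart
    events = [(base + timedelta(seconds=5 * i), f"198.51.100.{i + 1}", "admin")
              for i in range(40)]
    # A legitimate user mistyping twice from one address
    events += [(base + timedelta(seconds=s), "203.0.113.7", "alice") for s in (30, 45)]
    return sorted(events)

def flag(events, key_index, threshold, min_sources=1):
    """Flag keys (IP or username) with >= threshold failures inside WINDOW
    that come from at least min_sources distinct source addresses."""
    recent = defaultdict(deque)
    flagged = set()
    for event in events:
        ts, ip, _user = event
        q = recent[event[key_index]]
        q.append((ts, ip))
        while ts - q[0][0] > WINDOW:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and len({src for _, src in q}) >= min_sources:
            flagged.add(event[key_index])
    return flagged

def per_ip_alerts(events):
    # Classic rate limit: 5 failures from one address
    return flag(events, key_index=1, threshold=5)

def per_account_alerts(events):
    # Distributed view: 20 failures on one account from 10+ addresses
    return flag(events, key_index=2, threshold=20, min_sources=10)

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP alerts:     ", per_ip_alerts(sample))
    print("per-account alerts:", per_account_alerts(sample))
```

On the constructed sample, no single address crosses the per-IP limit, but the `admin` account is flagged because its failures arrive from many distinct sources inside the window.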

This is not the first massive wave of attacks against network devices in recent years. Last April, Cisco already warned about a surge in brute force attacks on Cisco, CheckPoint, Fortinet, SonicWall and Ubiquiti devices around the world.

How to protect yourself against the ongoing cyberattack?

To protect your peripheral devices against brute force attacks, it is important to opt for a complex password that is difficult to guess. This precaution will put a spanner in the works for the programs used by criminals.

As Darren James, a cybersecurity expert at Specops Software, explains to Forbes, “many people still don’t change their default passwords or instead use generic, easy-to-crack credentials.” The researcher also points the finger at password recycling, a practice that is still very popular and makes life easier for cybercriminals.

Even if "cybercriminals are constantly evolving their tactics", "good password management can make the difference between staying protected and seeing your information compromised in a data breach", adds Daniel Pearson, CEO of KnownHost.

Also, it is recommended that all users enable two-factor authentication and restrict connections by allowing only certain trusted IP addresses. Finally, it is important to install all available updates. If your device is outdated, it is time to consider replacing it.

Source: Bleeping Computer
