Cisco has sounded the alarm on a widespread increase in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since March 18, 2024.
The attacks appear to originate from TOR exit nodes and other anonymizing tunnels and proxies.
Successful attacks could lead to unauthorized network access, account lockouts, or denial-of-service conditions.
Devices Under Attack:
The attacks, characterized as broad and opportunistic, have been observed targeting devices, including:
- Cisco Secure Firewall VPN
- Checkpoint VPN
- Fortinet VPN
- SonicWall VPN
- RD Web Services
- Mikrotik
- Draytek
- Ubiquiti
The source IP addresses for the traffic are commonly associated with proxy services, including TOR, VPN Gate, IPIDEA Proxy, and others.
The warning comes as Cisco cautions about password spray attacks targeting remote access VPN services as part of reconnaissance efforts.