Shadowserver reports a surge in brute-force attacks on edge device logins, with up to 2.8 million IP addresses involved daily, mainly from Brazil, targeting firewalls, VPNs, and IoT systems from major vendors.
The Shadowserver Foundation’s report shows attackers using known vulnerabilities and weak credentials to gain unauthorized access.
Brute-Force Techniques and Tools
Brute-force attacks use automated tools like Burp Suite and Ncrack to guess login credentials and gain access. Attackers try default or weak username-password combinations (e.g., “admin/admin”) and exploit unsecured logins. Common targets include web-based CMS, RDP, and VPNs.
Edge devices like routers and firewalls are crucial for security but often lack strong protections. Many are left unmonitored, making them easy targets for attackers to gain access and launch further exploits. Recent Ivanti VPN and SonicWall firewall breaches highlight risks like ransomware and data theft.
Mitigation
To defend against brute-force attacks, organizations should:
- Enforce strong passwords and enable Multi-Factor Authentication (MFA).
- Use CAPTCHA, monitor network activity, and apply security patches.
- Leverage advanced tools to track attack patterns, CVEs, and MITRE ATT&CK techniques for better threat management.
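With up to 2.8 million IPs taking part each day, a per-IP failure threshold on its own misses attempts spread thinly across many addresses. The following Python example is added here to illustrate the "monitor network activity" step and is not from the Shadowserver report or any vendor; it counts failed logins both per source and per account, and the log format, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample in an assumed "<time> login_<result> user=<u> src=<ip>" format.
SAMPLE_LOG = """\
2025-02-10T08:00:01 login_failed user=root src=198.51.100.7
2025-02-10T08:00:03 login_failed user=root src=198.51.100.7
2025-02-10T08:00:05 login_failed user=root src=198.51.100.7
2025-02-10T08:00:07 login_failed user=root src=198.51.100.7
2025-02-10T08:00:09 login_failed user=root src=198.51.100.7
2025-02-10T08:01:00 login_failed user=admin src=203.0.113.11
2025-02-10T08:02:00 login_failed user=admin src=203.0.113.52
2025-02-10T08:03:00 login_failed user=admin src=203.0.113.90
2025-02-10T08:04:00 login_failed user=admin src=192.0.2.200
2025-02-10T08:05:00 login_failed user=alice src=192.0.2.10
2025-02-10T08:05:20 login_ok user=alice src=192.0.2.10
"""
LINE_RE = re.compile(r"^(\S+) login_(failed|ok) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Return (timestamp, result, user, source_ip) tuples for well-formed lines."""
    events = []
    for line in log_text.splitlines():
        if (m := LINE_RE.match(line.strip())):
            events.append((datetime.fromisoformat(m[1]), m[2], m[3], m[4]))
    return events

def detect(events, window=timedelta(minutes=5), per_ip_limit=5, min_sources=4):
    """Return (noisy source IPs, accounts failing from many distinct sources)."""
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for ts, result, user, src in sorted(events):
        if result == "failed":
            by_ip[src].append(ts)
            by_user[user].append((ts, src))
    # Classic rule: one source with per_ip_limit failures inside the window.
    noisy = {src for src, t in by_ip.items()
             if any(t[i] - t[i - per_ip_limit + 1] <= window
                    for i in range(per_ip_limit - 1, len(t)))}
    # Distributed rule: one account failing from min_sources distinct IPs.
    distributed = set()
    for user, hits in by_user.items():
        start = 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:
                start += 1
            if len({s for _, s in hits[start:end + 1]}) >= min_sources:
                distributed.add(user)
                break
    return noisy, distributed
```

On the sample, the per-IP rule flags only `198.51.100.7`, while the `admin` account, hit once each from four addresses, is caught only by the per-account rule.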
The rise in attacks on edge device logins highlights the need for stronger security. Organizations must stay vigilant, address weak credentials, and patch vulnerabilities to reduce risks.