April 16, 2024 By Bill Toulas
Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide.
A brute force attack is the process of attempting to log into an account or device using many usernames and passwords until the correct combination is found. Once they have access to the correct credentials, the threat actors can then use them to hijack a device or gain access to the internal network.
According to Cisco Talos, this new brute force campaign uses a mix of valid and generic employee usernames related to specific organizations.
..
..
Cisco's researchers report that the following services are being actively targeted by this campaign:
- Cisco Secure Firewall VPN
- Checkpoint VPN
- Fortinet VPN
- SonicWall VPN
- RD Web Services
- Miktrotik
- Draytek
- Ubiquiti
