A surge in suspicious scans targeting Palo Alto Networks login portals suggests reconnaissance activities by threat actors. Researchers warn that these scans, which increased dramatically in October, could precede targeted attacks. #GreyNoise #PaloAltoNetworks
Key points
- There has been a 500% increase in IP activity targeting Palo Alto Networks systems.
- Most of the suspicious IPs originate from the U.S., with smaller clusters in other countries.
- Over 91% of the IP addresses involved were classified as suspicious, and 7% as malicious.
- GreyNoise warns that such scans often signal preparation for exploits like zero-days or n-days.
- Exploitation attempts on Grafana's CVE-2021-43798 vulnerability have also been observed from IPs mostly in Bangladesh.