Summary: A large-scale brute force password attack is targeting networking devices, utilizing nearly 2.8 million IP addresses daily. Major vendors affected include Palo Alto Networks, Ivanti, and SonicWall, with many IPs originating from Brazil and other countries. The attack focuses on devices like firewalls and routers, often compromised by malware botnets.
Affected: Palo Alto Networks, Ivanti, SonicWall and organizations using their devices
Keypoints :
- Ongoing brute force attack using 2.8 million IP addresses to guess device credentials.
- Major sources of attack IPs include Brazil, Turkey, and Russia.
- Compromised devices often used include MikroTik, Huawei, and Cisco equipment.
- Residential proxies make attacks harder to detect by appearing as legitimate user traffic.
- Recommended protective measures include strong passwords, multi-factor authentication, and firmware updates.