An automated campaign is targeting VPN platforms like Palo Alto Networks GlobalProtect and Cisco SSL VPN with credential-based attacks, involving millions of login attempts from thousands of IPs worldwide. These attacks aim to identify weak credentials rather than exploiting specific vulnerabilities, highlighting ongoing pressure on enterprise VPN security. #GlobalProtect #CiscoSSLVPN #CredentialAttacks
Keypoints
- Credential-based attacks are targeting GlobalProtect and Cisco SSL VPNs through automated campaigns.
- Over 1.7 million login attempts were observed in a 16-hour period during the campaign.
- Most attack traffic originated from the 3xK GmbH cloud infrastructure in Germany.
- The attackers used common usernames and passwords with scripted probing methods.
- Experts recommend strengthening passwords, enabling multi-factor authentication, and monitoring for suspicious login activity.