Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024.
“These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies,” Cisco Talos said.
The attacks, said to be broad and opportunistic, have been observed targeting the below devices –
The development comes as the networking equipment major warned of password spray attacks targeting remote access VPN services as part of what it said are “reconnaissance efforts.”
It also follows a report from Fortinet FortiGuard Labs that threat actors are continuing to exploit a now-patched security flaw impacting TP-Link Archer AX21 routers (CVE-2023-1389, CVSS score: 8.8) to deliver DDoS botnet malware families like AGoent, Condi, Gafgyt, Mirai, Miori, and MooBot.
“As usual, botnets relentlessly target IoT vulnerabilities, continuously attempting to exploit them,” security researchers Cara Lin and Vincent Li said.
Source: https://thehackernews.com/
