Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Credential spraying from thousands of IP addresses are targeting VPNs, Cisco warns

Password Security.

For a month now, hackers have been mounting a large-scale credential stuffing attack against multiple Virtual Private Network (VPN) instances around the world. At the moment, it’s hard to say who is behind the attack, or what the motives are, but researchers have some clues.

As reported by Ars Technica, Cisco’s Talos security team recently warned of an ongoing campaign in which attackers keep trying more than 2,000 usernames and some 100 passwords against different VPNs. Some of the products in the attackers’ crosshairs include Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, SonicWall VPN, RD Web Services, Mikrotik, Draytek, and Ubiquiti, however others could be targeted, as well.

The victims are scattered all over the world, and operate in various verticals, prompting the researchers to conclude that the attackers don’t have a preferred target, but are rather casting as wide of a net as possible.

Growing in strength

“Depending on the target environment, successful attacks of this type may lead to unauthorized network access, account lockouts, or denial-of-service conditions,” the researchers said in their report. “The traffic related to these attacks has increased with time and is likely to continue to rise.”

While the evidence is inconclusive, the researchers believe this could be the work of the same threat actor that targeted Cisco a few weeks back. They are basing this assumption on the facts that there are “technical overlaps” in how the attacks were conducted, and that in both instances, the same infrastructure was used. In the Cisco campaign, the goal was reconnaissance, so the speculation is that it’s the same this time around.

The IP addresses found from the previous attack were already added to Cisco’s block list for its VPN, and organizations worried about these attacks are advised to do the same, for any third-party VPN they have deployed.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.