Hackers are attempting new ways to gain access to business networks. The most recent method to be introduced is known as "Password Spraying". It is primarily aimed at Cisco's SSL VPN and Palo Alto Networks' GlobalProtect gateways, so if you use either of these VPNs, this is something you should be aware of.
What's Happening?
On December 11th, GreyNoise reported a marked increase in login attempts. In just 16 hours, cybercriminals produced an astonishing 1.7 million login attempts on these two VPNs, from more than 10,000 IP addresses across the United States, Mexico, and Pakistan.
The following day, hackers started targeting Cisco's SSL VPN endpoints using 1,273 unique attacking IPs. The attackers simply tried the most common passwords across various accounts. They also shared the same bizarre user-agent, "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0", which indicates that the attacks were automated.
Password Spraying Is Dangerous
Instead of attempting to guess an individual's password multiple times, password spraying involves trying a small number of widely used passwords on many user accounts. Because no single account sees repeated failed logins, the method avoids triggering account lockouts. Once a successful login is achieved, the attacker can easily gain access to the company's network.
How to Protect Yourself From Password Spraying Attacks
- Use unique, strong passwords for your VPN accounts.
- Enable MFA (if applicable).
- Monitor login attempts and block suspicious IP addresses.
- Look for unusual login activity from your VPN devices.
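The monitoring advice above, as an added example that is not part of the original article: a Python detector that flags failed logins spread over many accounts with few attempts per account, grouped either by source IP or by user-agent. The CSV log layout, field names, thresholds and sample records are assumptions constructed for illustration, not real Cisco or Palo Alto Networks log output.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real VPN output). Assumed CSV layout:
# timestamp,source_ip,username,result,user_agent
SPRAY_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
SAMPLE_LOG = "\n".join(
    [f'2024-01-01T10:{i:02d}:00,198.51.100.{i + 1},user{i:02d},FAIL,"{SPRAY_UA}"'
     for i in range(12)]
    + ['2024-01-01T10:01:00,203.0.113.7,alice,FAIL,"VPNClient/5.1"',
       '2024-01-01T10:02:00,203.0.113.7,alice,FAIL,"VPNClient/5.1"',
       '2024-01-01T10:03:00,203.0.113.7,alice,OK,"VPNClient/5.1"'])

FIELDS = ["timestamp", "source_ip", "username", "result", "user_agent"]


def find_sprays(log_text, key="user_agent", window=timedelta(hours=1),
                min_users=10, max_per_user=3):
    """Flag values of `key` whose failures hit many accounts, few times each."""
    failures = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        if row["result"] == "FAIL":
            when = datetime.fromisoformat(row["timestamp"])
            failures[row[key]].append((when, row["username"], row["source_ip"]))
    alerts = []
    for value, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            per_user = defaultdict(int)
            for _, user, _ in in_window:
                per_user[user] += 1
            # Spray shape: wide across accounts, shallow per account.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts.append({key: value, "users": len(per_user),
                               "source_ips": len({e[2] for e in in_window}),
                               "first_seen": in_window[0][0]})
                break  # one alert per key value is enough
    return alerts


if __name__ == "__main__":
    for alert in find_sprays(SAMPLE_LOG):
        print(alert)
```

On this sample, grouping by `source_ip` returns nothing because each address fails only once, while grouping by `user_agent` ties the attempts together.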
According to Palo Alto Networks, most of these attacks did not take advantage of software vulnerabilities but rather occurred due to weak credentials. The number of login attempts indicates that hackers are serious about gaining access to user accounts. The next time you log in to your VPN, consider whether your password is sufficiently strong.