'Cisco Warns Of Password-Spraying Attacks Targeting VPN Services' - Bleeping Computer
Portfolio Pulse from Benzinga Newsdesk
Cisco has issued a warning about password-spraying attacks targeting Remote Access VPN services on Cisco Secure Firewall devices and other VPN services. These attacks are part of reconnaissance activities and involve trying the same password across multiple accounts. Cisco provided a mitigation guide with indicators of compromise and recommendations such as enabling logging, securing VPN profiles, leveraging TCP shun, configuring ACLs, and using certificate-based authentication. Security researcher Aaron Martin linked these attacks to the 'Brutus' botnet, which initially targeted SSLVPN appliances from various companies and has now expanded to web apps using Active Directory. The botnet uses 20,000 IP addresses worldwide and rotates IPs to avoid detection. Concerns are raised about the acquisition of specific usernames, suggesting a possible undisclosed breach or zero-day exploitation. Two IPs associated with Brutus have been linked to APT29, a Russian espionage group.
March 28, 2024 | 4:50 pm
News sentiment analysis
NEUTRAL IMPACT
Cisco warns of password-spraying attacks targeting its Secure Firewall devices and provides a mitigation guide. The attacks are linked to the 'Brutus' botnet and may indicate potential undisclosed breaches or zero-day exploits.
While the warning from Cisco about password-spraying attacks highlights potential security vulnerabilities in its products, the proactive release of a mitigation guide and the identification of the attacks' scope and origin (linked to the 'Brutus' botnet and potentially tied to Russian espionage group APT29) demonstrate Cisco's commitment to addressing security threats. This situation may cause short-term concern among investors and customers, but Cisco's responsive actions could mitigate negative impacts on its stock price. The relevance of this news to Cisco is direct, given that its products are targeted. The importance is high due to the potential implications of security vulnerabilities. Confidence in this analysis is based on the detailed information provided by Cisco and the security researcher.
CONFIDENCE 80
IMPORTANCE 90
RELEVANCE 100