Millions of IP addresses leveraged in ongoing brute force intrusion

Various networking devices, including those from SonicWall, Ivanti, and Palo Alto Networks, have been subjected to a massive brute force password intrusion involving up to nearly 2.8 million IP addresses daily that has been underway since last month, according to BleepingComputer.

Brazil accounted for most of the attacking IP addresses, which were primarily from MikroTik, Cisco, Huawei, ZTE, and Boa routers and Internet of Things devices, reported The Shadowserver Foundation, which noted the existence of the erring IP addresses across several networks and autonomous systems. Organizations have been urged to better defend themselves against brute force attacks by adopting more robust admin credentials and multi-factor authentication, as well as deactivating unneeded web admin interfaces, implementing an allowlist of trusted IP addresses, and ensuring up-to-date device firmware and security updates. Such a development comes nearly a year after Cisco, Fortinet, SonicWall, CheckPoint, and Ubiquiti devices were reported by Cisco Talos to have been targeted by a sweeping credential brute force attack.