Talos Security Team Warns of Large-Scale Credential Compromise on VPNs and Web Applications
Cisco's Talos security team has warned of a large-scale credential compromise campaign targeting VPNs, SSH, and web applications. The operation involves nearly 4,000 IP addresses, and attack traffic has increased over time. The attacks began no later than March 18; the services targeted include Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, and more. To help prevent the attacks from succeeding, Cisco has provided a comprehensive list of recommendations, including enabling detailed logging and implementing control plane access control lists.
Key Takeaways
- Large-scale credential compromise campaign targets VPNs, SSH, and web apps, originating from nearly 4,000 IP addresses.
- Attacks are indiscriminate and opportunistic, using both generic and valid usernames, and pose a risk of unauthorized network access and denial-of-service conditions.
- Cisco previously warned about a similar attack campaign targeting remote access VPNs; the two campaigns show technical overlaps and infrastructure similarities.
- Services targeted in the campaign include Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, SonicWall VPN, and more.
- Cisco provides recommendations for preventing attacks, such as detailed logging, securing default remote access accounts, and using certificate-based authentication for VPNs.
Analysis
The widespread credential compromise campaign targeting VPNs, SSH, and web applications, as identified by Cisco's Talos security team, is expected to have far-reaching impacts. Organizations relying on the affected services, including Cisco Secure Firewall VPN, Checkpoint VPN, and Fortinet VPN, may face unauthorized network access and denial-of-service conditions. The indiscriminate and opportunistic nature of the attacks raises concerns about the security of sensitive data. In the short term, there may be disruptions in network access and potential data breaches. In the long term, organizations may need to increase their investment in cybersecurity measures and implement more robust authentication protocols to prevent future attacks. Countries and financial institutions relying on these services may also experience disruptions and increased security concerns.
Did You Know?
- Large-scale credential compromise campaign: This refers to a coordinated and widespread effort to steal login credentials (such as usernames and passwords) from various sources, targeting virtual private networks (VPNs), secure shell (SSH), and web applications.
- Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, SonicWall VPN: These are different types of virtual private network (VPN) services provided by various companies. VPNs are used to create a secure and encrypted connection over a less secure network, like the internet. They are commonly used for remote access to a company's internal network.
- Implementing control plane access control lists: Control plane access control lists (ACLs) are used in networking to control the traffic that is allowed to reach a device's control plane, which is responsible for managing the device's operations. By implementing control plane ACLs, organizations can restrict the types of traffic that are permitted to interact with the control plane, thereby enhancing network security.
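The detailed logging Cisco recommends only pays off if the logs are checked for the campaign's signature: many source addresses each trying a handful of generic or valid usernames, so no single IP trips a lockout rule. The following detector is an added example and not Talos or Cisco code; its log line format is constructed and only modelled on Cisco ASA `%ASA-6-113005` AAA rejection messages, and the field layout and thresholds are assumptions to adapt to your own logging.

```python
"""Flag distributed credential guessing against a VPN head-end from its auth logs.
Added example, not Talos or Cisco code. Line format is constructed and only modelled
on Cisco ASA '%ASA-6-113005' rejections; field layout and thresholds are assumptions."""
import re
from collections import defaultdict

# Constructed sample rejections (documentation address ranges, not real telemetry).
LINE = ("%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password"
        " : server = 10.0.0.5 : user = {u} : user IP = {ip}")
SAMPLE_LOGS = [LINE.format(u=u, ip=ip) for u, ip in [
    ("admin", "198.51.100.10"), ("test", "198.51.100.10"), ("guest", "198.51.100.10"),
    ("admin", "198.51.100.11"), ("admin", "203.0.113.7"), ("jsmith", "203.0.113.7"),
    ("admin", "203.0.113.7"), ("jsmith", "198.51.100.12"),
]]

REJECT_RE = re.compile(r"Rejected : reason = [^:]+ : server = \S+ : user = (?P<user>\S+)"
                       r" : user IP = (?P<ip>\S+)")

def parse_failures(lines):
    """Yield (username, source_ip) for every rejection line; ignore everything else."""
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")

def assess(lines, min_ips=3, min_users=3):
    """Summarise failures and flag the campaign's patterns: source IPs cycling through
    many usernames (spraying) and accounts guessed at from many source IPs."""
    per_user = defaultdict(set)    # username -> source IPs that tried it
    per_ip = defaultdict(set)      # source IP -> usernames it tried
    failures = 0
    for user, ip in parse_failures(lines):
        per_user[user].add(ip)
        per_ip[ip].add(user)
        failures += 1
    return {
        "failures": failures,
        "distinct_ips": len(per_ip),
        "distinct_users": len(per_user),
        # Low per-IP volume spread across many IPs is what defeats single-IP lockouts.
        "distributed_campaign": len(per_ip) >= min_ips and len(per_user) >= min_users,
        "spraying_ips": sorted(ip for ip, us in per_ip.items() if len(us) >= min_users),
        "targeted_users": sorted(u for u, ips in per_user.items() if len(ips) >= min_ips),
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
```

Feed it a time window of rejection lines rather than a whole day so that a burst of low-volume attempts from many addresses stands out against background typos.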