April 17, 2024 at 04:42AM
Cisco warns of a surge in brute-force attacks targeting VPN services, web application interfaces, and SSH services, originating from TOR exit nodes and other proxy services. Various devices are being targeted across different sectors and geographies using both generic and valid usernames. Additionally, threat actors are exploiting a security flaw in TP-Link Archer AX21 routers to deliver DDoS botnet malware.
Summary of Meeting Notes:
– Cisco has warned about a surge in brute-force attacks targeting various devices and services, including VPN, web application interfaces, and SSH services, originating from TOR exit nodes and other anonymizing tunnels.
– Successful attacks could lead to unauthorized network access, account lockouts, or denial-of-service conditions.
– The attacks have been observed targeting specific devices and using both generic and valid usernames for specific organizations.
– The source IP addresses for the traffic are commonly associated with proxy services such as TOR, VPN Gate, IPIDEA Proxy, and others.
– The networking equipment major also warned of password spray attacks targeting remote access VPN services and reported the exploitation of a now-patched security flaw impacting TP-Link Archer AX21 routers to deliver DDoS botnet malware.
– Security researchers emphasized the need for users to be vigilant against DDoS botnets and promptly apply patches to safeguard their network environments.
Follow NewsroomIoT on Twitter and LinkedIn for more exclusive content.