Security experts have observed a notable rise in brute-force attacks aimed at SonicWall and Fortinet devices, with a significant portion of these attacks appearing to originate from the Middle East. The majority of these attempts have been thwarted by security measures or were directed at incorrect usernames. However, the timing of these attacks aligns with ongoing hostilities between the US, Israel, and Iran, suggesting potential geopolitical motivations behind the cyber activities.
Recent reports have highlighted various cyberattacks linked to Iranian-affiliated hackers, targeting US critical infrastructure and medical technology firms. The distinction between state-sponsored cyber operations and financially driven cybercrime is becoming increasingly blurred. This is exemplified by the resurgence of the Pay2Key ransomware group, which has been active in the region. Edge devices such as VPNs and firewall appliances from vendors like SonicWall and Fortinet are particularly attractive targets due to their internet-facing nature and their role as entry points into corporate networks.
Barracuda Networks reported that over half of the confirmed incidents from February to March were related to these brute-force attacks. Attackers are actively scanning and testing perimeter devices for weak or exposed credentials, according to Barracuda’s senior cybersecurity analyst, Laila Mubashar. Even unsuccessful attacks pose a risk, as persistent probing could eventually succeed against a weak password or misconfiguration, leading to a potential breach.
To counter these threats, organizations are urged to implement robust security measures. These include enforcing strong, unique passwords on all network and security devices, enabling multi-factor authentication on VPNs, firewalls, and remote access services, and monitoring for repeated failed login attempts. Additionally, restricting management interfaces to trusted IP ranges can further enhance security.
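One way to implement the failed-login monitoring recommended above, as an added example that is not from the original article or from any vendor. It assumes authentication events have already been normalized into a constructed `timestamp source-ip username result` line format (not a real SonicWall or Fortinet log format); the trusted range, known-user list, window and threshold are hypothetical values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Hypothetical values; tune for your environment.
TRUSTED_MGMT = [ip_network("10.20.0.0/24")]  # ranges allowed to reach management
KNOWN_USERS = {"admin", "jdoe"}              # accounts that exist on the device
WINDOW, THRESHOLD = timedelta(minutes=5), 5  # failures per source within WINDOW

# Constructed sample events: "ISO-timestamp source-ip username result"
SAMPLE = [f"2025-03-01T10:00:{s:02d} 203.0.113.7 {u} FAIL"
          for s, u in enumerate(["root", "test", "admin", "guest", "admin"])]
SAMPLE += ["2025-03-01T10:01:00 203.0.113.7 admin OK",    # success after failures
           "2025-03-01T10:02:00 10.20.0.15 jdoe FAIL",     # one typo, trusted range
           "2025-03-01T10:02:30 10.20.0.15 jdoe OK",
           "2025-03-01T11:00:00 198.51.100.9 admin FAIL"]  # single stray failure

def detect(lines):
    """Return a list of (kind, source_ip, detail) alerts, in event order."""
    failures = defaultdict(deque)  # source -> (timestamp, username) of recent failures
    flagged, alerts = set(), []
    for line in lines:
        ts_raw, ip_raw, user, result = line.split()
        ts, src = datetime.fromisoformat(ts_raw), ip_address(ip_raw)
        window = failures[src]
        while window and ts - window[0][0] > WINDOW:  # expire old failures
            window.popleft()
        trusted = any(src in net for net in TRUSTED_MGMT)
        if result == "FAIL":
            window.append((ts, user))
            if len(window) >= THRESHOLD and src not in flagged:
                flagged.add(src)
                # Mostly unknown usernames suggests spraying, not a targeted account.
                unknown = sum(1 for _, u in window if u not in KNOWN_USERS)
                alerts.append(("bruteforce", str(src),
                               f"{len(window)} failures, {unknown} for unknown users"))
        else:
            # A success from a flagged source, or after failures from outside the
            # trusted ranges, is the case that needs a human to look at it.
            if src in flagged or (window and not trusted):
                alerts.append(("success_after_failures", str(src), f"user={user}"))
            window.clear()  # an ordinary login after a typo resets the count
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The per-source window catches a single noisy address; attempts spread thinly across many sources need a second count keyed on username or on the device as a whole.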
In addition to brute-force attacks, Barracuda has also warned about a rise in social engineering attacks known as “ClickFix.” These attacks deceive users into executing malicious scripts under the guise of fixing non-existent technical issues. To combat such threats, organizations should focus on improving end-user education, limiting the ability to run scripts or command-line tools, and deploying monitoring tools to detect unusual behavior.
Source: https://www.infosecurity-magazine.com/news/researchers-surge-bruteforce/



