News Post

Attackers are pummeling networks around the world with millions of login attempts

Arstechnica · 6m

Cisco's Talos security team has issued a warning about a widespread credential compromise campaign targeting various networks. The campaign involves login attempts aimed at gaining unauthorized access to VPN, SSH, and web application accounts. The attacks utilize generic usernames as well as usernames specific to targeted organizations. The compromised accounts could potentially lead to unauthorized network access, account lockouts, or denial-of-service conditions. The attacks have been increasing in intensity since March 18 and the IP addresses used in the attacks appear to originate from TOR exit nodes and other anonymizing tunnels and proxies. Cisco has provided a list of recommendations for preventing these attacks, including enabling detailed logging, securing default remote access accounts, and blocking known malicious sources.