WordPress Sites Exploited To Brute-Force Passwords Via Users’ Browsers Duplicate 3

Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024.

"These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said.

Successful attacks could pave the way for unauthorized network access, account lockouts, or denial-of-service conditions, the cybersecurity company added.

Cybersecurity
The attacks, said to be broad and opportunistic, have been observed targeting the below devices -

Cisco Secure Firewall VPN
Checkpoint VPN
Fortinet VPN
SonicWall VPN
RD Web Services
Mikrotik
Draytek
Ubiquiti
Cisco Talos described the brute-forcing attempts as using both generic and valid usernames for specific organizations, with the attacks indiscriminately targeting a wide range of sectors across geographies.

The source IP addresses for the traffic are commonly associated with proxy services. This includes TOR, VPN Gate, IPIDEA Proxy, BigMama Proxy, Space Proxies, Nexus Proxy, and Proxy Rack, among others.
The complete list of indicators associated with the activity, such as the IP addresses and the usernames/passwords, can be accessed here.
"Users should be vigilant against DDoS botnets and promptly apply patches to safeguard their network environments from infection, preventing them from becoming bots for malicious threat actors."
 

References:

https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html