A new large-scale brute force attack has been discovered, affecting networking devices worldwide. The attack involves a staggering 2.8 million IP addresses, which are being used to try and crack login credentials for various devices.
This type of attack occurs when cybercriminals attempt to guess the correct login details by repeatedly trying different combinations of usernames and passwords. Once they successfully obtain the right credentials, the attackers can take control of the device or access the network.
According to cybersecurity researchers, this attack has been active since last month and involves 2.8 million different IP addresses. The majority of these IPs are located in Brazil, followed by Turkey, Russia, Argentina, Morocco, and Mexico, although attackers from various other countries are also participating.
The targeted devices are edge security equipment, which includes firewalls, VPNs, gateways, and other similar security appliances. These devices are often exposed to the internet to enable remote access. The attack is primarily focused on routers and IoT devices from companies like MikroTik, Huawei, Cisco, Boa, and ZTE. These devices are commonly hacked and added to large botnets that carry out cyberattacks.
A Possible Botnet Operation
Experts believe that this brute force attack might be part of a larger botnet operation. Research indicates that the attack spreads across multiple networks and Autonomous Systems, which strongly suggests that it could involve a botnet or a network related to residential proxy services.
Residential proxies are commonly used by cybercriminals to carry out illegal activities such as web scraping, bypassing geo-restrictions, ad fraud, and even ticket scalping. These proxies provide IP addresses assigned to regular consumer customers by ISPs, making it harder for security systems to detect and block them. Instead of appearing as a bot or hacker, the malicious traffic seems to come from ordinary home users.
Gateway devices, which are often targeted in these attacks, could also be used as proxy exit nodes in such operations. By doing this, they pass harmful traffic through an organization’s network, making it more difficult to identify and stop the attack. This is especially true for high-quality nodes, as organizations with reputable network systems are often targeted to avoid detection.
How to Protect Against These Attacks
To defend against brute-force attacks, organizations need to take several security steps. First, it’s important to change the default admin passwords to something unique and strong. Multi-factor authentication (MFA) should also be enforced wherever possible, and an allowlist of trusted IP addresses should be set up. Additionally, disabling web admin interfaces when not needed will help reduce the risk of exposure.
Organizations should also regularly update their devices with the latest firmware and security patches to close any vulnerabilities that attackers could exploit to gain access.
