According to a non-profit security organization, a weeks-long brute-force attack campaign has reached gigantic proportions.
The Shadowserver Foundation reports that the campaign, which has been under way since January, involves as many as 2.8 million IP addresses a day and targets VPN devices, firewalls and gateways from vendors such as Palo Alto Networks, Ivanti and SonicWall.
“The latest wave of brute-force attacks targeting edge security devices, as reported by Shadowserver, is a serious problem for cybersecurity teams,” said Brent Maynard, senior director of security technology and strategy at Akamai Technologies, a content delivery services provider in Cambridge, Mass.
“What distinguishes this attack is both its scale – millions of unique IPs trying to gain access every day – and the fact that it targets critical security infrastructure, such as firewalls, VPNs and secure gateways,” Maynard told TechNewsWorld.
“These are not just any devices. They are a first line of defense that protects organizations against external threats. If the attacker gains control over them, he can completely bypass security checks, which leads to data breaches, espionage and even destructive attacks.”
In a brute-force attack, waves of passwords and usernames are thrown at a login target to discover valid login credentials. Compromised devices may then be used for data theft, botnet integration or illegal access to the network.
Massive Botnet Threat Escalates
“This type of botnet activity is not new. However, the scale is disturbing,” noted Thomas Richards, network and red team practice director at Black Duck Software, an application security company in Burlington, Mass.
“Depending on the type of device compromised, the attacker can use their access to disable access to the organization, disrupt communication networks or facilitate their own access to the network,” Richards told TechNewsWorld. “The attack, even if it is unsuccessful in gaining access to devices, can cause damage by making too many login attempts and locking out important accounts.”
Patrick Tiquet, vice president of security and architecture at Keeper Security, a password management and online storage company based in Chicago, explained that brute-force attacks are significant because they exploit weak or reused passwords, one of the persistent gaps in cybersecurity.
“In addition to the immediate loss of data, these breaches can disrupt operations, damage the organization's reputation and destroy customer trust, leading to long-term financial and security consequences,” he told TechNewsWorld.
Erich Kron, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla., added that the source of these attacks is thousands and thousands of smaller devices spread around the globe, which makes them extremely difficult to defend against.
“Many consumers have old and outdated devices in their homes connecting to the internet,” Kron told TechNewsWorld. “These vulnerable devices are exploited and used to conduct such cyberattacks.”
“Traditional approaches, such as geoblocking and disallowing large IP address blocks, can actually block legitimate web traffic, costing some organizations sales and making it look to potential customers as if the website were down,” he said.
Credential-Based Attacks Overwhelm Defenses
Kris Bondi, CEO and co-founder of Mimoto, a detection and response company in San Francisco, stated that the campaign disclosed by Shadowserver underscores the vulnerability of credentials, even at security and infrastructure organizations.
“Brute-force attacks are automated, so they are deployed at scale,” Bondi told TechNewsWorld. “It's not a question of whether they can get in with this approach. The question is how many times the organization will be penetrated in this way and whether the security team will know when it happens.”
Akamai's Maynard explained: “Attackers no longer have to sit at a keyboard, guessing passwords. They deploy huge botnets that can test thousands of credentials in a few minutes.”
“By using an attack called password spraying, attackers can take a known username or email address and pair it with tens of thousands of the most common passwords, using software that will then try to log in to various exposed devices,” KnowBe4's Kron added. “With several million devices available to try these logins, the success rate can be high.”
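Why this kind of traffic slips past per-source limits, shown as an added example that is not part of the original article: in the constructed log below, 40 sources each make a single failed guess against one account, so only a per-account count of distinct source IPs flags it. The log format, thresholds and function names are assumptions.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed auth log lines: 'ISO-time source-ip username result'."""
    t0 = datetime(2025, 2, 10, 8, 0, 0)
    lines = []
    # 40 distributed sources, one failed guess each, all against 'admin'
    for i in range(40):
        lines.append(f"{(t0 + timedelta(seconds=15 * i)).isoformat()} 198.51.100.{i + 1} admin FAIL")
    # One noisy source hammering a single account (classic brute force)
    for i in range(30):
        lines.append(f"{(t0 + timedelta(seconds=2 * i)).isoformat()} 203.0.113.9 backup FAIL")
    # A legitimate user who mistypes twice, then logs in
    for i, result in enumerate(["FAIL", "FAIL", "OK"]):
        lines.append(f"{(t0 + timedelta(seconds=30 * i)).isoformat()} 192.0.2.50 jsmith {result}")
    return lines

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def noisy_sources(lines, max_failures=10):
    """Per-IP view: sources with more than max_failures failed logins."""
    fails = Counter(ip for _, ip, _, ok in map(parse, lines) if not ok)
    return {ip for ip, n in fails.items() if n > max_failures}

def sprayed_accounts(lines, window=timedelta(minutes=15), min_sources=20):
    """Per-account view: accounts failing from many distinct IPs in one window."""
    recent = defaultdict(deque)          # username -> deque of (time, ip)
    flagged = set()
    for ts, ip, user, ok in sorted(map(parse, lines)):
        if ok:
            continue
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:     # drop failures older than the window
            q.popleft()
        if len({src for _, src in q}) >= min_sources:
            flagged.add(user)
    return flagged

if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP alerts:     ", noisy_sources(log))
    print("per-account alerts:", sprayed_accounts(log))
```

The per-IP view reports only the single noisy source, while the per-account view reports the account being guessed from many addresses; the user who mistypes twice triggers neither.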
Bondi noted that the number and size of brute-force attacks are growing. “Automation and generative AI have made this type of attack easier to carry out,” she said.
“They are hitting on the high vulnerability of credentials,” she continued. “Attackers know that if they send a sufficient number of attacks, a percentage will get through. In the meantime, security teams are overwhelmed and are not able to address all attacks in real time, especially without additional context.”
The explosion of internet-connected devices and the continued use of weak credentials also contribute to the increase in brute-force attacks.
“With remote work, smart devices and cloud adoption, more organizations rely on edge security devices that must be accessible from the internet,” said Maynard. “This makes them natural targets.”
“Despite years of warnings,” he added, “many companies are still using default or weak passwords, especially on infrastructure devices.”
The Role of AI in Cyberattack Defense and Prevention
While artificial intelligence contributes to the rise in brute-force attacks, it may also thwart them. “AI has the potential to change the game in defending against brute-force and credential stuffing attacks,” said Maynard.
He noted that security teams use AI-based solutions to detect anomalies, evaluate behavior and automate responses to attacks.
“AI is very good at detecting anomalies and patterns. Therefore, artificial intelligence can be very useful for looking at login attempts, finding a pattern and, hopefully, suggesting ways of filtering traffic,” explained Kron.
Jason Soroko, senior vice president of product at Sectigo, a global provider of digital certificates, acknowledged that artificial intelligence will help in defense by detecting anomalous login patterns and flagging suspicious activity in real time, but advised that strong authentication should be the first priority.
“Although strong authentication requires identity management to scale, and digital certificates and other strong asymmetric form factors require sharing and life cycle management, they can bring very strong security benefits,” Soroko told TechNewsWorld.
However, Bondi predicted that AI would ultimately eliminate the need for credentials. “AI makes it possible to combine anomaly detection with advanced pattern matching to recognize specific people, not credentials, with much lower false positive rates,” she said.
She added that artificial intelligence may also help by providing context with alerts, which can enable security teams to react faster to real alerts while reducing false positives.
“It is expected that in the near future AI will also be able to predict intent based on specific actions and attack techniques,” noted Bondi. “Although LLMs are not yet capable of this, they may be in a few quarters.”