2.8 Million IP Addresses: The Bot Army Threatening Network Security
- usareisende
- Feb 8
2.8 Million IP Addresses Used for Network Attacks - Here’s What You Should Know
Hacking through a networking device usually starts with correctly guessing the device’s username and password. Through sheer luck, a password may be guessed and the network hack can commence. But guessing the right combination of username and password can take millions and millions of tries, which requires not only time and patience but money as well.
But what if hackers actually have that resource to spend on attacking networking devices? According to Bleeping Computer, a massive attack on various network devices is being run right now with a single mission - to guess the credentials of these network devices.
Their tool? 2.8 million IP addresses, each trying to force its way into the network by guessing the username and password. Bleeping Computer’s report was based on a Twitter update from The Shadowserver Foundation, which provided additional details on the attacks. The IP addresses used were mostly from Brazil, with 1.1 million addresses, while other countries such as Turkey, Russia, Argentina and Morocco also had thousands of IP addresses in the attacks.
Aside from IP addresses, The Shadowserver Foundation has also identified the devices used in these attacks. From January to February 2025, Mikrotik, Cisco and Huawei devices were primarily used.
Residential Proxies as Bots
A concentrated attack by 2.8 million IP addresses from around the world is catastrophic to any target, and attackers are adding a further layer of challenge to ensure they are not detected so easily.
These attacks are most likely carried out by automated bots, so minimal human interaction is needed, which ultimately speeds up the attack. To avoid being detected as bots, the attacks are routed through residential proxies. These are IP addresses assigned to residential users by their Internet Service Providers (ISPs), and they are often allowed to connect to websites and other online services with very minimal validation simply because they identify themselves as a basic online user.
Residential proxies are also sinister in their own right because of their other uses. Aside from brute force attacks, multiple IP addresses obtained through residential proxies can be used by scalpers to automate online purchases, scrape data or even bypass restrictions. If you wonder why extremely popular shoes sell out in just a few seconds, this is the type of bot scalpers use to ensure they get to order first, before any regular human buyer.
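Because the guessing described above is spread across many residential addresses, each source makes only a few attempts and a per-IP failure threshold rarely trips. The following added example (not from the original post or from Shadowserver) compares a per-IP rule with a rule that counts distinct failing sources per device; the log format, sample lines, function names and thresholds are all assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical log format for this example, not any vendor's real syslog layout.
LINE_RE = re.compile(r"^(\S+) login (failure|success) user=(\S+) src=(\S+)$")

def build_sample_log():
    """Constructed sample: 12 sources, 2 failed admin logins each, within 4 minutes."""
    base = datetime(2025, 1, 1, 10, 0, 0)
    lines = [
        f"{(base + timedelta(seconds=10 * i)).isoformat()} "
        f"login failure user=admin src=203.0.113.{10 + i % 12}"
        for i in range(24)
    ]
    # One ordinary successful login half an hour later, from an unrelated address.
    lines.append(f"{(base + timedelta(minutes=30)).isoformat()} "
                 "login success user=operator src=198.51.100.7")
    return "\n".join(lines)

def parse(log_text):
    """Return sorted (timestamp, outcome, user, src) tuples; skip unparseable lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, outcome, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), outcome, user, src))
    return sorted(events)

def per_ip_alerts(events, max_failures=5):
    """Classic rule: flag a source once it alone reaches max_failures."""
    counts = Counter(src for _, outcome, _, src in events if outcome == "failure")
    return sorted(src for src, n in counts.items() if n >= max_failures)

def distributed_alert(events, window=timedelta(minutes=10), min_sources=8):
    """Sliding window over all failures: alert when they come from many distinct sources."""
    fails = [(ts, src) for ts, outcome, _, src in events if outcome == "failure"]
    start = 0
    for end, (ts, _) in enumerate(fails):
        while ts - fails[start][0] > window:
            start += 1
        sources = {src for _, src in fails[start:end + 1]}
        if len(sources) >= min_sources:
            return {"first_seen": fails[start][0], "alert_at": ts, "sources": len(sources)}
    return None

if __name__ == "__main__":
    events = parse(build_sample_log())
    print("per-IP rule:", per_ip_alerts(events))
    print("distributed rule:", distributed_alert(events))
```

On the constructed sample the per-IP rule stays silent while the per-device rule fires as soon as the eighth distinct source fails a login.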
Gateway Devices as Ultimate Target
These bots force their way into network security devices because doing so allows them to operate internally with very minimal detection, if any at all. They could use remote access to gain sensitive information, use the network for more residential proxies, and hide their activity within the network.
Because they operate within a network, their traffic is considered legitimate, which makes attacks even harder to identify. Aside from gateway devices, IoT devices connected to the network can also be a source of security nightmares. A blog post by Nemko reported that an IoT device connected to Microsoft back in 2019 was hacked because of a weak security challenge on the device. Although it was detected, it was able to work its way to the internal network - all because an IoT device that connects to the network and can be detected from outside of it had been hacked.
Firmware and Security Updates
Stopping these types of attacks is all about prevention. Fortunately, the tried and tested method of updating your network device’s firmware and applying security updates should be more than effective in preventing most types of attacks. A robust security network with updated firmware should always be in place, and network administrators have to ensure it is up to the task of securing the network.