
VPNs Under Siege: Brute Force Attacks on the Rise

  • usareisende
  • Apr 16, 2024
  • 2 min read

VPNs, or Virtual Private Networks, provide one of the best protections online because of their ability to mask the user's actual IP address. With a VPN, the user's traffic is routed through the VPN's server, which hides the real IP address and encrypts the data in the process. Aside from security, geolocation restrictions are also bypassed.

 

Their usefulness in protecting online activities did not go unnoticed by hackers with bad intentions. This is why VPNs have become a target of the latest string of attacks online.

 

Brute Force Attacks Against VPNs

 

Security research group Cisco Talos recently reported attacks concentrated on security protocols including VPNs. The research group “is actively monitoring a global increase in brute-force attacks against a variety of targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024.”

 

A brute-force attack is extremely straightforward: it bombards the target with random usernames and passwords in the hope of logging in and accessing sensitive data.

 

But this is just part of their attack. According to Cyber News, “Alternatively, to avoid being locked out of the targeted accounts due to repeated failed login attempts, the hackers can use thousands of passwords targeting just a few accounts, otherwise known as password spraying.”

 

Obviously, the hackers have been researching their targets, which makes them extremely dangerous: they know more about those targets and can sniff out weak usernames and passwords.

 

IP Addresses and Log-in Credentials

 

Cisco Talos provided further details of the attack by publishing the more than 4,000 IP addresses and 2,000 usernames and passwords used in the attack on its GitHub page. It also revealed that commonly targeted VPNs include Cisco Secure Firewall VPN, Mikrotik, Draytek, Ubiquiti and more. The attackers are also taking precautions by masking themselves through Tor and other proxy servers.

 

Protection against these types of attacks is a must, as they can be costly to businesses of any size. Logging traffic to identify possible attacks and blocking suspicious connections are highly recommended to prevent any type of unauthorized access.
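One way to act on the logging recommendation, shown as an added example (not code from Cisco Talos, OWASP or the original post): it scans failed VPN logins for a single source guessing many usernames, and for a single account being hit from many sources, which per-IP counting misses when attackers rotate through Tor and proxies. The log format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a hypothetical format: ISO time, source IP, username, result.
# The IP addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-04-16T09:00:01 198.51.100.7 admin FAIL
2024-04-16T09:00:03 198.51.100.7 test FAIL
2024-04-16T09:00:05 198.51.100.7 guest FAIL
2024-04-16T09:00:09 198.51.100.7 vpnuser FAIL
2024-04-16T09:01:00 192.0.2.5 alice FAIL
2024-04-16T09:01:20 192.0.2.5 alice OK
2024-04-16T09:02:00 203.0.113.10 jsmith FAIL
2024-04-16T09:03:00 203.0.113.11 jsmith FAIL
2024-04-16T09:04:00 203.0.113.12 jsmith FAIL
2024-04-16T10:30:00 203.0.113.10 jsmith FAIL
"""

def parse(log):
    """Yield (timestamp, source_ip, username, result) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, user, result = line.split()
            yield datetime.fromisoformat(ts), src, user, result

def detect(log, window_s=300, src_users=4, acct_sources=3):
    """Return (noisy_sources, targeted_accounts) found in any sliding window.

    noisy_sources: IPs failing against >= src_users distinct usernames.
    targeted_accounts: usernames failing from >= acct_sources distinct IPs,
    the pattern left when guesses are spread over Tor exits or proxies.
    """
    fails = sorted(e for e in parse(log) if e[3] == "FAIL")
    noisy, targeted = set(), set()
    for i, (start, _, _, _) in enumerate(fails):
        by_src, by_user = defaultdict(set), defaultdict(set)
        for ts, src, user, _ in fails[i:]:
            if (ts - start).total_seconds() > window_s:
                break  # events are sorted, so the window has ended
            by_src[src].add(user)
            by_user[user].add(src)
        noisy |= {s for s, users in by_src.items() if len(users) >= src_users}
        targeted |= {u for u, srcs in by_user.items() if len(srcs) >= acct_sources}
    return noisy, targeted

if __name__ == "__main__":
    sources, accounts = detect(SAMPLE_LOG)
    print("block or rate-limit sources:", sorted(sources))
    print("review or lock accounts:", sorted(accounts))
```

The single mistyped password from `alice` is not flagged, and the thresholds should be tuned against normal login traffic before any automatic blocking is attached to the output.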

 

OWASP.org also recommends the use of CAPTCHA, assigning unique log-in URLs for each user, actively limiting IP addresses (whitelisting), and password delay authentication. These recommendations could be a challenge for network administrators given the additional security measures they have to implement, but that is nothing compared to the cost of the vulnerabilities once the network is hacked.

 
 
 
