The past four weeks have seen a sharp global increase in ‘brute force’ attacks on virtual private network (VPN) services, which provide encrypted private network connections over the internet. ‘Brute force’ attacks use trial and error to crack passwords, login credentials, and encryption keys. Widely available software that uses artificial intelligence (AI) to carry out large numbers of attempts automatically has breathed new life into this old hacking technique.
Cisco Talos Intelligence Group reports a sharp rise worldwide in this type of attack against targets, including virtual private network (VPN) services and web authentication interfaces.
“Cisco Talos has been actively monitoring a global increase in brute-force attacks against a variety of targets, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services since at least March 18, 2024. The traffic related to these attacks has increased with time and is likely to continue to rise,” predicts Cisco Talos.
These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies. Depending on the target environment, successful attacks of this type may lead to unauthorized network access, account lockouts, or denial-of-service conditions. VPN services so far affected include Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, SonicWall VPN, RD Web Services, Mikrotik, Draytek, and Ubiquiti.
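The traffic described above arrives through TOR exit nodes and other proxies and can end in account lockouts, so a defender has to count failed logins per account as well as per source address. The following is an added example, not code from the article or from Cisco Talos; the log format, the exit-node set, the addresses and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <OK|FAIL> user=<name> src=<ip>". This is a
# hypothetical normalized format, not the log format of any product named above.
SAMPLE_LOG = """\
2024-04-16T10:00:00 FAIL user=admin src=198.51.100.7
2024-04-16T10:00:05 FAIL user=test src=198.51.100.7
2024-04-16T10:00:09 FAIL user=vpnuser src=198.51.100.7
2024-04-16T10:00:20 FAIL user=jsmith src=203.0.113.20
2024-04-16T10:00:31 FAIL user=jsmith src=203.0.113.21
2024-04-16T10:00:44 FAIL user=jsmith src=203.0.113.22
2024-04-16T10:03:00 FAIL user=alice src=192.0.2.50
2024-04-16T10:03:30 OK user=alice src=192.0.2.50
"""
# Constructed stand-in for a downloaded list of Tor exit-node addresses.
TOR_EXITS = {"198.51.100.7", "203.0.113.20", "203.0.113.22"}

def parse(line):
    ts, result, user, src = line.split()
    return {"ts": datetime.fromisoformat(ts), "result": result,
            "user": user.partition("=")[2], "src": src.partition("=")[2]}

def peak_failures(events, key, window):
    """Largest run of failed logins per `key` value inside any sliding window."""
    groups, peaks = defaultdict(list), {}
    for e in events:
        if e["result"] == "FAIL":
            groups[e[key]].append(e)
    for value, evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, []
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1          # drop failures older than the window
            if end - start + 1 > len(best):
                best = evs[start:end + 1]
        peaks[value] = best
    return peaks

def detect(log_text, tor_exits, window=timedelta(minutes=5), threshold=3):
    """Alerts as (view, value, failures, distinct counterparts, failures from Tor)."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    alerts = []
    # "src" view: one address, many accounts. "user" view: one account, many addresses.
    for key, other in (("src", "user"), ("user", "src")):
        for value, evs in peak_failures(events, key, window).items():
            if len(evs) >= threshold:
                tor = sum(e["src"] in tor_exits for e in evs)
                alerts.append((key, value, len(evs), len({e[other] for e in evs}), tor))
    return sorted(alerts)
```

On the sample, the `user` view flags the account `jsmith`, whose three failures come from three different addresses that a per-address counter alone would not flag.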
Attacks indiscriminately target VPN users
According to Cisco Talos, the targeting of these attacks appears to be indiscriminate and not directed at a particular region or industry. The rise in ‘brute force’ attacks is equally bad news for legitimate VPN users and for cybercriminals. There are many legitimate reasons for using VPNs. Many people are increasingly wary not only of state surveillance of internet activity but also of increasingly sophisticated surveillance by commercial entities.
However, VPNs also provide a smokescreen for countless nefarious activities. These range from accessing hard-core porn websites to carrying out financial fraud and other crimes on an industrial scale. Although the main driver behind the dramatic ‘brute force’ attacks is criminally minded hackers bent on committing fraud, AI-driven hacks of this type will also be a boon to law enforcement investigators, who have long been frustrated by the wall of invisibility VPNs offer criminal groups who wish to keep their identities secret.