SurePassID has been monitoring the brute force attack flooding that has been underway and recently made cybersecurity headlines:
- Large Scale Brute Force Attacks Disrupt SSH and VPN Services (Spiceworks, April 17)
- Cisco Warns of Large Scale Brute Force Attacks Against VPN Services (Bleeping Computer, April 17)
The good news? You are protected with SurePassID. However, there are important things to know, ramifications to understand, and actions to take.
BRUTE FORCE ATTACK FLOODING – WHAT IS IT?
Brute force attacks try large numbers of username and password combinations against a login interface until one is accepted. In this campaign the attackers are not guessing blindly: they feed lists of real user credentials, obtained from earlier breaches or bought on the dark web, to bots that do the actual attacking. The bots work through the lists against their targets and report back any credentials that gain access. Flooding is when these attacks run nonstop over an extended period, in this case a month or more.
Once the attackers gain access to a user account, they are inside the organization's perimeter. From there they use RDP and other methods to move laterally, escalate privileges, and compromise systems and data.
TARGETED VPN VENDORS – ARE YOU AT RISK?
You are likely a target of this brute force attack flooding if you use VPN or remote access services from any of the vendors named in the reports above:
- Cisco Secure Firewall VPN
- Checkpoint VPN
- Fortinet VPN
- SonicWall VPN
- RD Web Services
- Mikrotik
- Draytek
- Ubiquiti
YOU ARE PROTECTED BY SUREPASSID – BUT THERE ARE OTHER RAMIFICATIONS
Brute force attack flooding is defeated by the multi-factor authentication (MFA) provided by SurePassID. We enforce a second factor, typically a one-time password (OTP) via OATH or a PIN- or biometric-protected FIDO2 credential, for login to user accounts, including VPNs. A guessed or stolen password on its own therefore does not give an attacker a session, so the flood cannot breach your perimeter. Two caveats: the guesses themselves still reach the VPN, which is why the ramifications below matter, and the protection only holds for login paths that are actually configured to require the second factor.
However, there are other ramifications to the brute force attack flooding that impact both you and us.
RAMIFICATIONS FOR YOU
Potential ramifications you may face include:
- Denial of service: firewalls become overloaded, and valid login requests are dropped or time out because responses are delayed.
- Attackers gleaning information, such as which usernames are valid, for use in future attacks.
- Exhaustion of disk space on on-premises SurePassID instances, because every failed attempt is logged.
RAMIFICATIONS FOR SUREPASSID
Customers value SurePassID for our industry-best logging and audit trail. However, logging the full details of every attempted user authentication means writing to our database, which grows rapidly during brute force attack flooding.
Consequently, SurePassID will periodically remove these spurious log entries from our SurePassID Cloud Essential and Enterprise audit trails.
NEXT STEPS
Contact your VPN vendor or IT managed service provider to enable the features they provide against the following attacks (typically rate limiting, lockout after repeated failures, and restricting VPN logins to expected source addresses):
- Brute Force Attack Flooding
- Denial of Service Attacks
- Password Spraying
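Before asking your vendor for those features, it helps to see the shape of the attack in your own VPN authentication logs, since brute force (many passwords against one account), password spraying (one or two passwords across many accounts) and flooding (sustained volume over time) call for different controls, and the usernames being hit from several sources are the ones the attackers are confirming as valid. The following is an added example, not SurePassID code or any VPN vendor's tooling. The log line format, the thresholds and the sample lines (which use documentation IP ranges) are all assumptions; adapt the regular expression to the appliance you actually run.

```python
"""Classify failed VPN logins as brute force, password spraying or flooding.

Added example; the 'auth-fail user=... src=...' format and all thresholds
are assumptions, not any vendor's real log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed generic format: <ISO-8601 UTC timestamp> auth-fail user=<name> src=<ip>
LINE_RE = re.compile(r"^(?P<ts>\S+) auth-fail user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample log (not captured traffic): one source hammering a
# single account, one source trying one password per account across many
# accounts, and one ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2024-04-15T09:00:01Z auth-fail user=alice src=203.0.113.10
2024-04-15T09:00:03Z auth-fail user=alice src=203.0.113.10
2024-04-15T09:00:05Z auth-fail user=alice src=203.0.113.10
2024-04-15T09:00:07Z auth-fail user=alice src=203.0.113.10
2024-04-15T09:00:09Z auth-fail user=alice src=203.0.113.10
2024-04-15T09:00:11Z auth-fail user=alice src=203.0.113.10
2024-04-15T09:00:02Z auth-fail user=alice src=198.51.100.7
2024-04-15T09:00:04Z auth-fail user=bob src=198.51.100.7
2024-04-15T09:00:06Z auth-fail user=carol src=198.51.100.7
2024-04-15T09:00:08Z auth-fail user=dave src=198.51.100.7
2024-04-15T09:00:10Z auth-fail user=erin src=198.51.100.7
2024-04-15T09:00:12Z auth-fail user=frank src=198.51.100.7
2024-04-15T09:01:30Z auth-fail user=bob src=192.0.2.5
"""


def parse_failures(text):
    """Return a list of (timestamp, user, src) tuples, one per auth-fail line.
    Lines that do not match the assumed format are skipped rather than fatal,
    so other log noise does not break the analysis."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["user"], m["src"]))
    return events


def classify_sources(events, min_attempts=5, spray_user_fraction=0.8):
    """Label each source IP by the shape of its failures (thresholds assumed).

    brute_force:     enough failures, concentrated on one or a few accounts
    password_spray:  enough failures, spread across mostly distinct accounts
    below_threshold: too few failures to act on (ordinary typos)
    """
    per_src = defaultdict(list)
    for _, user, src in events:
        per_src[src].append(user)
    labels = {}
    for src, users in per_src.items():
        attempts = len(users)
        distinct = len(set(users))
        if attempts < min_attempts:
            labels[src] = "below_threshold"
        elif distinct / attempts >= spray_user_fraction:
            labels[src] = "password_spray"
        else:
            labels[src] = "brute_force"
    return labels


def flooding_windows(events, window_seconds=60, min_per_window=10):
    """Return the start times of fixed windows whose total failure count, across
    all sources, exceeds min_per_window. A long run of such windows is the
    'flooding' pattern; here the thresholds are assumptions."""
    buckets = defaultdict(int)
    for ts, _, _ in events:
        start = int(ts.timestamp() // window_seconds) * window_seconds
        buckets[start] += 1
    return sorted(
        datetime.fromtimestamp(start, tz=timezone.utc)
        for start, count in buckets.items()
        if count >= min_per_window
    )


def targeted_usernames(events, min_sources=2):
    """Accounts hit from at least min_sources distinct IPs: the usernames the
    attackers are treating as valid, worth reviewing even when MFA held."""
    sources_per_user = defaultdict(set)
    for _, user, src in events:
        sources_per_user[user].add(src)
    return {u for u, srcs in sources_per_user.items() if len(srcs) >= min_sources}


if __name__ == "__main__":
    evts = parse_failures(SAMPLE_LOG)
    for src, label in sorted(classify_sources(evts).items()):
        print(f"{src:16} {label}")
    print("flooding windows:", [w.isoformat() for w in flooding_windows(evts)])
    print("usernames hit from several sources:", sorted(targeted_usernames(evts)))
```

The per-source labels tell you which vendor feature to ask for: a brute_force source is stopped by lockout or rate limiting on the account, while a password_spray source stays under most per-account lockouts and needs per-source rate limiting or source restrictions. The targeted_usernames set is the username-disclosure ramification made concrete, and the count of flagged windows over a day gives you a rough number for the extra log volume the flood is generating.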
If you have any further questions, we are here to help.
Best regards,
The SurePassID Team