
Hackers Attacking Web Login Pages of Popular Firewalls for Brute-Force Attacks

In recent weeks, Shadowserver has observed a significant rise in brute-force attacks targeting the web login pages of edge devices, with honeypot data revealing up to 2.8 million IPs involved daily.

These attacks, primarily originating from Brazil, are aimed at devices such as firewalls, VPNs, and IoT systems from vendors like Palo Alto Networks, Ivanti, and SonicWall.

[Figure: Attacks primarily originating from Brazil]

The Shadowserver Foundation’s Honeypot HTTP Scanner Events Report notes that attackers are leveraging known vulnerabilities (tracked by CVE identifiers) and exploiting weak credentials to gain unauthorized access.

Brute-Force Techniques and Tools

Brute-force attacks involve systematically guessing login credentials to gain access to systems. Cybercriminals use tools like Burp Suite and Ncrack to automate these attacks. 

Common tactics include attempting default or weak username-password combinations (e.g., “admin/admin”) and exploiting unsecured login interfaces. 

These attacks often target web-based content management systems, Remote Desktop Protocol (RDP) services, and VPNs.

Why Edge Devices Are Prime Targets

Edge devices, which operate at the boundary of networks (e.g., routers and firewalls), are critical for maintaining enterprise security. 

However, they often lack robust built-in protections and are deployed with a “set it and forget it” mentality. This makes them attractive targets for attackers seeking to establish persistent access or launch further exploits within an organization’s network. 

Recent incidents involving Ivanti VPNs and SonicWall firewalls demonstrate how vulnerabilities in these devices can lead to severe consequences, including ransomware deployment and data breaches.

[Figure: Attack statistics based on the devices]

Mitigation Strategies

Organizations must adopt proactive measures to defend against brute-force attacks:

  • Enforce strong password policies and implement Multi-Factor Authentication (MFA).
  • Use CAPTCHA challenges, monitor network activity for unusual patterns, and apply security patches.
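
An added example of the "monitor network activity for unusual patterns" step (not code from the article or from Shadowserver): when attempts are spread across millions of source IPs, a per-IP failure counter alone misses the campaign, so this detector also counts distinct sources failing against the same account. The log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical "timestamp src_ip username result" format.
SAMPLE = """
2025-02-10T10:00:00 203.0.113.5 admin FAIL
2025-02-10T10:00:10 203.0.113.5 admin FAIL
2025-02-10T10:00:20 203.0.113.5 admin FAIL
2025-02-10T10:00:30 203.0.113.5 admin FAIL
2025-02-10T10:00:40 203.0.113.5 admin FAIL
2025-02-10T10:01:00 198.51.100.1 vpnuser FAIL
2025-02-10T10:01:30 198.51.100.2 vpnuser FAIL
2025-02-10T10:02:00 198.51.100.3 vpnuser FAIL
2025-02-10T10:02:30 198.51.100.4 vpnuser FAIL
2025-02-10T10:03:00 192.0.2.10 alice FAIL
2025-02-10T10:03:05 192.0.2.10 alice OK
""".strip().splitlines()

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def detect(lines, window=timedelta(minutes=5), ip_limit=5, user_ip_limit=4):
    """Return (noisy_ips, targeted_users) using sliding windows over failures."""
    by_ip = defaultdict(deque)    # ip -> timestamps of recent failures
    by_user = defaultdict(deque)  # user -> (timestamp, ip) of recent failures
    noisy_ips, targeted_users = set(), set()
    for ts, ip, user, result in sorted(parse(l) for l in lines if l.strip()):
        if result != "FAIL":
            continue
        q = by_ip[ip]
        q.append(ts)
        while ts - q[0] > window:       # drop failures older than the window
            q.popleft()
        if len(q) >= ip_limit:          # classic single-source brute force
            noisy_ips.add(ip)
        u = by_user[user]
        u.append((ts, ip))
        while ts - u[0][0] > window:
            u.popleft()
        # Distributed guessing: few tries per IP, many IPs per account.
        if len({src for _, src in u}) >= user_ip_limit:
            targeted_users.add(user)
    return noisy_ips, targeted_users

if __name__ == "__main__":
    print(detect(SAMPLE))
```

None of the four 198.51.100.x sources crosses the per-IP threshold; only the per-account view flags "vpnuser".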

Advanced reporting tools now provide detailed insights into attack patterns, including CVE mappings, CVSS scores, and MITRE ATT&CK techniques. Such intelligence enables organizations to better understand their threat landscape and prioritize remediation efforts.

The surge in brute-force attacks against edge device web login pages underscores the need for heightened vigilance in securing network perimeters. 

As attackers continue to exploit weak credentials and unpatched vulnerabilities, organizations must adopt comprehensive security measures to mitigate risks effectively.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
