2.8 million IP addresses being used in brute force attack on VPNs
Security devices all over the world have been targeted
![Red computer security warning](https://cdn.mos.cms.futurecdn.net/yESNGDsHGiGR7h7JUgvZtS-1200-80.jpg)
VPNs are being targeted in a mass-scale, brute force password attack that has seen almost 2.8 million IP addresses being used.
Hackers have been attempting to access a wide range of networking devices, with Palo Alto Networks, Ivanti, and SonicWall in the firing line.
The attack is reported to have first emerged in January but has since ramped up its efforts. However, at this stage, none of the best VPNs appear to be affected.
Attack details
The attack is known as a brute force attack, which is where hackers repeatedly attempt to log into an account or device using a range of username and password combinations until the correct ones are found.
With the correct combination of details, hackers can gain access to the network, steal data, or hijack devices. In addition to VPNs, gateways, firewalls, and other edge security devices are being targeted.
The Shadowserver Foundation, a threat monitoring platform, has reported that the attack first began in January, with up to 2.8 million source IP addresses being used daily to carry it out.
Large increase in web login brute forcing attacks against edge devices seen last few weeks in our honeypots, with up to 2.8M IPs per day seen with attempts (especially Palo Alto Networks, Ivanti, SonicWall etc). Over 1M from Brazil. Source IPs shared in https://t.co/kapIq2pIBI pic.twitter.com/LMhFEvAEEL (February 7, 2025)
Of those IP addresses, 1.1 million are from Brazil, with others from Turkey, Russia, Argentina, Morocco, and Mexico. However, this list is not exhaustive and it is expected there are IP addresses from many more countries involved.
In a statement to BleepingComputer, The Shadowserver Foundation confirmed that the activity has been ongoing for a while but recently increased to a much larger scale.
The group also said it is likely botnets or residential proxy networks are being used to carry out the attacks. A botnet is a network of computers that are infected with malware and under the control of a cybercriminal.
Residential proxies are a vast network of real IP addresses provided by internet service providers (ISPs). They can be obtained and used to access the internet, using these IP addresses rather than your own.
While they are not illegal, they are often sought out by cybercriminals and used for malicious purposes. Activity routed through one of these IP addresses appears to come from a regular home user rather than a hacker, meaning the cybercriminals can stay hidden.
Devices from Huawei, Cisco, MikroTik, Boa, as well as ZTE routers are being used to carry out the attack and have likely been compromised themselves.
Having strong passwords, as well as setting up 2-factor authentication (2FA) is a crucial step in securing your devices, regardless of whether they're for business or personal use. Passwords should be unique and feature a mixture of symbols, letters, and numbers. The best password managers are a helpful tool for secure password storage and generation.
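Because the attempts described above are spread across millions of source addresses, a lockout that counts failures per IP sees only a handful from each one. The following is an added example, not code from Shadowserver or the original article, that counts failed logins per targeted account instead; the log format, function names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <source IP> <username> <OK|FAIL>" (assumed format).
# Six documentation-range IPs each try "admin" once; one IP hammers "bob".
SAMPLE_LOG = [
    "2025-02-07T10:00:01 203.0.113.10 admin FAIL",
    "2025-02-07T10:00:40 198.51.100.7 admin FAIL",
    "2025-02-07T10:01:15 192.0.2.33 admin FAIL",
    "2025-02-07T10:02:02 203.0.113.88 admin FAIL",
    "2025-02-07T10:02:50 198.51.100.91 admin FAIL",
    "2025-02-07T10:03:30 192.0.2.140 admin FAIL",
    "2025-02-07T10:04:00 192.0.2.200 alice OK",
] + [f"2025-02-07T10:05:{s:02d} 198.51.100.250 bob FAIL" for s in range(6)]

def failed_logins(lines):
    """Yield (timestamp, ip, user) for each failed attempt."""
    for line in lines:
        ts, ip, user, result = line.split()
        if result == "FAIL":
            yield datetime.fromisoformat(ts), ip, user

def per_ip_offenders(lines, threshold=5):
    """Classic per-source lockout: IPs with at least `threshold` failures."""
    counts = Counter(ip for _, ip, _ in failed_logins(lines))
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def distributed_targets(lines, window=timedelta(minutes=10), min_ips=5, max_per_ip=2):
    """Accounts failing from >= min_ips sources inside `window`, where each
    of those sources made <= max_per_ip attempts (under per-IP thresholds)."""
    by_user = defaultdict(list)
    for ts, ip, user in failed_logins(lines):
        by_user[user].append((ts, ip))
    alerts = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide window forward
                start += 1
            per_ip = Counter(ip for _, ip in events[start:end + 1])
            quiet = sorted(ip for ip, n in per_ip.items() if n <= max_per_ip)
            if len(quiet) >= min_ips:
                alerts[user] = quiet
                break
    return alerts

if __name__ == "__main__":
    print("per-IP lockout would block:", per_ip_offenders(SAMPLE_LOG))
    print("accounts under distributed guessing:", distributed_targets(SAMPLE_LOG))
```

On the sample, the per-IP rule catches only the single noisy source, while the per-account view surfaces the "admin" account being tried from many quiet addresses.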
How to protect yourself
Although business VPNs have been targeted in this attack, none of the best business VPNs were involved, and they remain a solid tool for protecting your business networks.
A strong business VPN will allow employees to securely access servers, data, and information remotely, regardless of where they are located.
Small and medium businesses are the most attractive to hackers, but businesses of all sizes can be at risk and a business VPN ensures all your data is encrypted and protected.
Business VPNs with static IP addresses are recommended and many use encrypted, cloud-based servers, protecting all your data in one place.
For individuals, all the VPNs featured in our best VPNs list are good options. Your internet traffic and personal data are protected and sent through encrypted tunnels, meaning they can't be seen by third parties.
Good data privacy practices are still required, but VPNs offer a strong layer of protection and many come with additional cybersecurity features such as threat protection, antivirus, and password managers.
If you want to secure your network at its source, then you may want to consider a router VPN. The best router VPNs can be installed on your home Wi-Fi router and will encrypt the data of any devices connected to it.
ExpressVPN, the best VPN for beginners, offers its Aircove router. The hardware is pre-loaded with ExpressVPN technology and is very simple to set up – an easier, albeit more expensive, option than installing a router VPN on your existing router.
George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights, censorship, data, and the interplay between cybersecurity and politics. Outside of work, George is passionate about music, Star Wars, and Karate.