Today’s Topics:
- Massive Brute Force Attack Targets VPN Devices Using 2.8 Million IPs
- Hospital Sisters Health System Data Breach Exposes Personal Information of 883,000 Individuals
- How can Netizen help?
Massive Brute Force Attack Targets VPN Devices Using 2.8 Million IPs

A widespread brute force attack has been detected, involving nearly 2.8 million unique IP addresses in an attempt to compromise credentials for networking devices, including those from well-known vendors like Palo Alto Networks, Ivanti, and SonicWall.
Brute force attacks occur when attackers try multiple username and password combinations until they find the correct one. Once successful, the attacker gains unauthorized access to the device or network, potentially leading to serious security breaches.
According to The Shadowserver Foundation, a threat intelligence platform, this attack has been ongoing since last month. It has escalated significantly, with the attackers leveraging around 2.8 million distinct IP addresses every day. The largest share of these addresses (1.1 million) originates from Brazil, with other notable sources including Turkey, Russia, Argentina, Morocco, and Mexico. However, the attacks have a global reach, with source addresses spread across many countries.
The devices targeted are primarily edge security devices, such as firewalls, VPNs, and gateways, which are often exposed to the internet to allow remote access. The attackers are using compromised devices, including MikroTik, Huawei, Cisco, Boa, and ZTE routers, as well as IoT devices. These devices are commonly hijacked by large malware botnets.
The Shadowserver Foundation confirmed that the attack has been progressing for some time but has recently grown in scale. The attacking IP addresses are distributed across various networks and Autonomous Systems, indicating that the operation is likely backed by a botnet or a group utilizing residential proxy networks.
Residential proxies are IP addresses assigned by Internet Service Providers (ISPs) to regular consumer customers. These proxies are increasingly used in cybercrime operations, including data scraping, bypassing geo-restrictions, ad verification, and ticket scalping. Since residential proxies route traffic through home networks, they appear to be legitimate users, making it more difficult to detect malicious activity.
Devices targeted in this attack, such as gateways, could potentially serve as proxy exit nodes for cybercriminals. These nodes are highly valued because they use the trusted reputation of enterprise networks, making malicious traffic harder to identify and block.
To protect edge devices from these types of brute force attacks, experts recommend several steps. Changing the default admin password to a strong, unique one is crucial. Enforcing multi-factor authentication (MFA), using an allowlist of trusted IPs, and disabling unnecessary web admin interfaces can also help prevent unauthorized access. Regularly updating device firmware and applying security patches is essential to close vulnerabilities that attackers might exploit.
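Because the guesses are spread across so many source addresses, a per-IP failure counter on the device may never trip. The sketch below is an added example, not code from the article or from Shadowserver: it counts distinct failing sources per targeted account inside a sliding window. The log format, thresholds, usernames and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed lines in an assumed 'timestamp RESULT user src_ip' format."""
    base = datetime(2025, 2, 10, 8, 0, 0)
    lines = []
    # 12 distinct sources, two failed guesses each against 'admin' in ~11 minutes.
    for i in range(12):
        for j in range(2):
            ts = base + timedelta(seconds=60 * i + 20 * j)
            lines.append(f"{ts.isoformat()} FAIL admin 198.51.100.{i + 1}")
    # A legitimate user mistypes a password twice, then logs in.
    for k, result in enumerate(["FAIL", "FAIL", "OK"]):
        ts = base + timedelta(seconds=300 + 15 * k)
        lines.append(f"{ts.isoformat()} {result} jsmith 192.0.2.44")
    return sorted(lines)

def parse(lines):
    for line in lines:
        ts, result, user, ip = line.split()
        yield datetime.fromisoformat(ts), result, user, ip

def per_ip_lockouts(lines, max_failures=5):
    """Classic control: source IPs that reach max_failures failed logins."""
    counts = defaultdict(int)
    for _, result, _, ip in parse(lines):
        if result == "FAIL":
            counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= max_failures}

def distributed_targets(lines, window=timedelta(minutes=15), min_sources=10):
    """Accounts with failures from >= min_sources distinct IPs in one window."""
    recent = defaultdict(deque)  # user -> (timestamp, ip) failures still in window
    peak = defaultdict(int)      # user -> most distinct sources seen in any window
    for ts, result, user, ip in parse(lines):
        if result != "FAIL":
            continue
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:
            q.popleft()
        peak[user] = max(peak[user], len({src for _, src in q}))
    return {user: n for user, n in peak.items() if n >= min_sources}

if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP lockouts:", per_ip_lockouts(log))
    print("accounts under distributed guessing:", distributed_targets(log))
```

On the constructed log no single address reaches the per-IP limit, while the `admin` account is flagged for failures from 12 distinct sources; the mistyping user is not flagged by either check.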
In related incidents, last April, Cisco warned of a similar brute force campaign targeting a variety of devices from Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti. In December, Citrix issued a warning about password spray attacks targeting Citrix Netscaler devices worldwide.
Hospital Sisters Health System Data Breach Exposes Personal Information of 883,000 Individuals

A significant cyberattack in August 2023 severely disrupted operations at Hospital Sisters Health System (HSHS), compromising the personal data of approximately 883,000 individuals.
The breach, which began on August 27, 2023, led to widespread outages that affected internal systems, communication platforms, phone lines, applications, and the hospital’s website, as well as the MyChart and MyPrevea services. The disruption lasted several days, forcing all 15 HSHS hospitals in Wisconsin and Illinois, alongside Prevea Health clinics, to implement emergency downtime protocols. Despite the technical issues, patient care continued without interruption.
An investigation into the attack revealed that hackers gained access to the healthcare system’s network from August 16 to August 27, during which they accessed sensitive files containing personal data. The potentially compromised information includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, treatment details, and health insurance information.
While HSHS began notifying affected individuals in October 2023, it wasn’t until August 2024, a full year after the breach, that the healthcare provider was able to confirm the scale of the incident. In September 2024, HSHS issued an open letter acknowledging that some affected patients had been targeted in fraud schemes by individuals posing as HSHS representatives.
This week, HSHS notified the Maine Attorney General’s Office that the breach had impacted 882,782 people. In response, HSHS is offering free identity theft protection and credit monitoring services to those affected by the breach.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
