In recent weeks, ShadowServer has observed a significant rise in brute-force attacks targeting web login pages of edge devices, with honeypot data revealing up to 2.8 million IPs involved daily.
These attacks, primarily originating from Brazil, are aimed at devices such as firewalls, VPNs, and IoT systems from vendors like Palo Alto Networks, Ivanti, and SonicWall.
The Shadowserver Foundation’s Honeypot HTTP Scanner Events Report notes that attackers are leveraging known vulnerabilities (CVE identifiers) and exploiting weak credentials to gain unauthorized access.
More Info