Security researchers have detected a “sharp rise” in brute-force attempts to hijack SonicWall and Fortinet devices, with the vast majority (88%) appearing to come from the Middle East.<\/p>\n
Barracuda said most of these attempts were unsuccessful as they were either blocked outright by security tools or directed at invalid usernames. <\/p>\n
Although these attacks may simply have been routed through servers and networks in the region, the timing would seem to coincide with US and Israeli hostilities against Iran<\/a>.<\/p>\n There have been various reports of attacks from Iranian-affiliated hackers over recent weeks, including raids against US critical infrastructure providers<\/a> and medtech firms.<\/a><\/p>\n The line between state-backed efforts and financially motivated cybercrime is increasingly blurred, as evidenced by the re-emergence of the Pay2Key ransomware group.<\/a><\/p>\n Read more on Middle East threats: Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity.<\/em><\/a><\/p>\n Edge devices<\/a> such as the VPNs and firewall appliances manufactured by vendors like SonicWall <\/a>and Fortinet <\/a>are a popular target for attack given that they are internet-facing but also provide a foothold inside corporate networks.<\/p>\n Barracuda said over half (56%) of all confirmed incidents from February to March related to this type of brute-force attack.<\/p>\n “Attackers are aggressively scanning and testing perimeter devices for weak or exposed credentials,” warned Barracuda senior cybersecurity analyst, Laila Mubashar. “Even when attacks fail, persistent probing raises the risk that a single weak password or misconfiguration could lead to compromise.”<\/p>\n She urged organizations to:<\/p>\n Barracuda also sounded the alarm over a surge in a category of social engineering attacks known as “ClickFix,”<\/a> in which users are tricked into copying and executing a malicious script in a bid to fix a non-existent technical issue.<\/p>\n Mubashar explained that such attacks exploit user trust and anxiety.<\/p>\n “The attackers use familiar elements and language such as pop-ups, prompts and running a fix,” she added. “Because ClickFix attacks rely on duping users into adding malicious commands themselves, such attacks are harder for automated security systems to spot.”<\/p>\n\n
Rise in ClickFix Attacks<\/strong><\/h2>\n