Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

VPNs may become victim to password spraying attacks, Cisco alerts

Stop using weak passwords for your VPN

3 min. read

Published onMarch 29, 2024

published onMarch 29, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Cisco’s cybersecurity researchers warned about a surge in password spraying attacks targeting Virtual Private Network (RAVPN) services, including its in-house products and some third-party ones. Hackers use this technique to gain unauthorized access to many accounts or systems.

How does a password spraying attack work?

These types of attacks are considered low-risk and high-profit and, therefore, attract considerable attention. As password spraying can remove account lockout mechanisms, cyber criminals usually use it to access networks and steal personal information.

When attackers perform password spraying attacks, they make numerous login attempts with a small number of commonly used passwords across several accounts.

It helps the hackers avoid detection by evading multiple failed login attempts on a single account, which could trigger security alerts.

If the targeted device has security measures like account lockout policies that lock user accounts after several failed login attempts, these attacks can lock your accounts.

As the hackers make fewer attempts per account, it is more challenging for security systems to identify and block the attack.

When multiple accounts are locked out due to this technique, it can overwhelm system resources, disrupting legitimate users’ access to their devices.

This can result in denial-of-service (DoS)- like conditions, wherein the system becomes inaccessible because of request overload.

These attacks also serve as a reconnaissance effort for attackers, as they will identify which accounts have weak passwords or are more susceptible to this type of attack, gain insights into the security system, and exploit it in some other way.

These attacks are not directly a threat but can serve as a precursor to more sophisticated cyberattacks. It is usually used against services or systems that don’t have strong password policies or 2FA in place, making them vulnerable.

How do they affect VPN services?

VPNs provide remote access to internal networks, making them a lucrative target for attackers seeking unauthorized entry into corporate networks.

The attacks can be used for further exploitation upon successful compromise of VPN accounts. The reason for these aggravated attacks is the prevalence of reused or weak passwords in VPN services.

The cybersecurity analysts at Cisco have issued several recommendations to eliminate the risk of password spraying attacks targeting VPN services:

In addition to these, Cisoc also mentioned numerous Indicators of Compromise (IoCs):

Users attempting VPN connections with Cisco Secure Client encounter an error about Cisco Secure Desktop not being installed and this prevents the successful connections.  This symptom seems a side effect of the DoS-like attacks but further investigation still continues.

The Cisco ASA or FTD VPN headends exhibit the symptoms of password spraying, with millions of rejected authentication attempts visible in the “syslogs.”

Cybersecurity researchers are investigating these attacks, but all organizations must be active in strengthening their VPN infrastructures against evolving threats.

They must adopt security practices and stay vigilant for signs of compromise so that they can eliminate the risk posed by these attacks.

What are your thoughts on the matter? Share your opinions with our readers in the comments section below.

More about the topics:VPN

Srishti Sisodia

Windows Software Expert

Srishti Sisodia is an electronics engineer and writer with a passion for technology. She has extensive experience exploring the latest technological advancements and sharing her insights through informative blogs.

Her diverse interests bring a unique perspective to her work, and she approaches everything with commitment, enthusiasm, and a willingness to learn. That’s why she’s part of Windows Report’s Reviewers team, always willing to share the real-life experience with any software or hardware product. She’s also specialized in Azure, cloud computing, and AI.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Srishti Sisodia

Windows Software Expert

She is an electronics engineer and writer with a passion for technology. Srishti is specialized in Azure, cloud computing, and AI.