Critical Password Warning—2.8 Million Devices Used In New Hack Attack

Hackers want your password. That’s not too hard to understand in light of the fact that gaining access to accounts and devices is the goal of most cybercriminal campaigns. The methods used to hack your password don’t have to be “the most sophisticated ever,” as seen in recent Gmail attacks; there is often an easier and more efficient way to gain access to the devices and accounts that lead to further compromise: the brute force attack. It has now been confirmed that a genuinely gargantuan brute force password hacking attack is underway, and it’s using 2.8 million already compromised devices in the attempt to compromise more. Here’s what you need to know and do.

ForbesGoogle Chrome Drive-By Hack Attack Confirmed—Act Now To Stay SafeBy Davey Winder

The Brute Force Password Hack Campaign Explained

Hot on the heels of an FBI warning about brute force attacks against web cameras and digital video recorders, comes the news of a much more concerning and seemingly widespread password hacking campaign. According to the Shadowserver Foundation, which describes itself as “a nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone,” an ongoing bruise force password attack has ramped up the volume to 11 and is now employing up to 2.8 million compromised devices every day to facilitate the attacks against Palo Alto Networks, Ivanti, and SonicWall network edge security devices such as VPNs and firewalls. A Shadowserver Foundation X posting confirmed that there had been a “large increase in web login brute-forcing attacks against edge devices seen last few weeks in our honeypots.”

ForbesHow To Check If Your Apple Watch Is Infected With SpywareBy Davey Winder

Consumers Compromised To Facilitate Enterprise Password Attacks

A Shadowserver Foundation spokesperson told Bleeping Computer that the “attacking IP addresses are spread across many networks and Autonomous Systems and are likely a botnet or some operation associated with residential proxy networks.” In other words, cybercriminals are employing an automated process that uses compromised consumer accounts and devices in order to facilitate such a massive brute force password hack attack.

What You Need To Do Now To Protect Your Password

Consumers and enterprises alike should take steps to make sure they are using strong and unique passwords for all accounts and devices, with two-factor authentication as a second layer of protection against compromise. All devices should be updated with the latest firmware, and you should ensure that all security patches have been implemented.

ForbesNew Facebook Attack Warning—What You Need To Do Right NowBy Davey Winder

Follow me on Twitter or LinkedIn. Check out my website or some of my other work here.