A large-scale brute force attack campaign, ongoing for weeks, has escalated significantly, posing a major cybersecurity threat, according to a non-profit security organization.
The Shadowserver Foundation has reported that this campaign, active since January, involves up to 2.8 million unique IP addresses daily. The attacks are specifically targeting VPN devices, firewalls, and gateways from major vendors such as Palo Alto Networks, Ivanti, and SonicWall.
Critical Security Devices Under Siege
Brent Maynard, senior director for security technology and strategy at Akamai Technologies, highlighted the significance of these attacks. “What makes this campaign particularly alarming is its sheer scale—millions of unique IP addresses are launching attacks daily,” he noted. “Moreover, the attacks are directed at crucial security infrastructure like firewalls, VPNs, and secure gateways, which serve as the first line of defense against cyber threats.”
If attackers successfully breach these devices, they could bypass security controls entirely, leading to data breaches, corporate espionage, or even destructive cyber incidents.
The Mechanics of a Brute Force Attack
Brute force attacks work by systematically bombarding login portals with waves of username and password combinations in an attempt to gain unauthorized access. Once compromised, these devices can be exploited for data theft, botnet deployment, or illicit access to corporate networks.
“This type of botnet activity isn’t new, but the scale is deeply concerning,” said Thomas Richards, director of network and red team practice at Black Duck Software. “Even unsuccessful login attempts can still disrupt operations by overwhelming authentication systems, locking out valid users, and causing significant downtime.”
Exploiting Weak Credentials
Brute force attacks thrive on weak or reused passwords, a longstanding vulnerability in cybersecurity. Patrick Tiquet, vice president for security and architecture at Keeper Security, emphasized the risks: “Beyond immediate data loss, these breaches can disrupt business operations, damage brand reputation, and erode customer trust, leading to long-term financial and security consequences.”
Adding to the challenge, the attack traffic is being generated by millions of compromised devices worldwide, making defense efforts complex. Erich Kron, security awareness advocate at KnowBe4, pointed out, “Many consumers still have outdated and vulnerable devices connected to the internet, which are being hijacked to power these cyberattacks.”
While traditional mitigation strategies such as geoblocking and blacklisting large IP ranges might seem viable, these methods risk blocking legitimate users, potentially causing businesses to lose revenue and credibility.
Credential-Based Attacks on the Rise
Kris Bondi, CEO and co-founder of Mimoto, noted that Shadowserver’s findings underscore the vulnerability of credentials, even within security-focused organizations. “Brute force attacks operate at scale. The real question isn’t whether they’ll succeed—it’s how often they will and whether security teams can detect them in time.”
Today’s cybercriminals deploy massive botnets that can test thousands of login credentials in mere minutes. “Using a tactic called password spraying, attackers pair known usernames or email addresses with thousands of common passwords, testing them rapidly across various exposed devices,” added Kron. “With millions of devices participating, the likelihood of success is extremely high.”
Bondi further observed that automation and AI have made executing these attacks easier and more efficient. “Cybercriminals understand that credentials are a major weak point. By overwhelming security teams with sheer volume, they increase their chances of breaking in.”
The rapid growth of internet-connected devices and persistent use of weak passwords continue to fuel these threats. Maynard pointed out, “With remote work, IoT devices, and cloud adoption, businesses are more dependent than ever on edge security devices, making them prime targets.”
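The distributed password spraying described above spreads guesses across many source addresses, so a per-IP failure threshold never fires. The following is an added example, not code from the article or from any vendor named in it, that runs both rules over constructed log lines; the log format, thresholds and function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any vendor's real format):
#   <UTC timestamp> <FAIL|OK> user=<name> src=<ip>
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def parse(lines):
    """Yield (timestamp, outcome, user, src); malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def noisy_sources(events, max_failures=5):
    """Classic per-IP rule: sources with more than max_failures failures."""
    counts = defaultdict(int)
    for _, outcome, _, src in events:
        if outcome == "FAIL":
            counts[src] += 1
    return {src for src, n in counts.items() if n > max_failures}

def sprayed_accounts(events, window=timedelta(minutes=10), min_sources=4):
    """Map account -> peak distinct failing sources seen inside one window."""
    fails = defaultdict(list)
    for ts, outcome, user, src in events:
        if outcome == "FAIL":
            fails[user].append((ts, src))
    flagged = {}
    for user, items in fails.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # drop failures older than the window
            sources = {src for _, src in items[start:end + 1]}
            if len(sources) >= min_sources:
                flagged[user] = max(flagged.get(user, 0), len(sources))
    return flagged

# Constructed sample: six addresses try "admin" once each within six minutes,
# "bob" mistypes twice then logs in, "carol" fails once an hour from four IPs.
SAMPLE = [f"2025-02-10T08:0{i}:00Z FAIL user=admin src=203.0.113.{10 + i}" for i in range(6)]
SAMPLE += [f"2025-02-10T08:01:{s}Z {o} user=bob src=198.51.100.7"
           for s, o in (("10", "FAIL"), ("25", "FAIL"), ("40", "OK"))]
SAMPLE += [f"2025-02-10T{9 + i:02d}:00:00Z FAIL user=carol src=192.0.2.{i + 1}" for i in range(4)]

if __name__ == "__main__":
    events = list(parse(SAMPLE))
    print(noisy_sources(events), sprayed_accounts(events))
```

Counting distinct sources per account inside a time window flags the sprayed account while leaving the mistyping user and the slow, unrelated failures alone.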
AI’s Role in Cyber Defense
While AI is being used to scale brute force attacks, it also holds potential in mitigating them. “AI can be a game-changer in defending against these threats,” Maynard asserted. “Security teams are increasingly leveraging AI-driven solutions to detect anomalies, analyze behavioral patterns, and automate responses.”
Kron agreed, explaining that AI excels at spotting irregular login attempts and identifying suspicious traffic patterns. “AI can detect trends in attempted logins, recognize patterns of attack, and recommend measures to filter malicious traffic before damage occurs.”
However, Jason Soroko, senior vice president of product at Sectigo, cautioned that AI alone isn’t enough. “AI can certainly help by detecting unusual login behavior and throttling suspicious activity in real time, but strong authentication methods should always be the first line of defense.”
As cyber threats continue to evolve, organizations must prioritize proactive security strategies, enforce strong credential policies, and invest in AI-powered defenses to counter the growing scale of brute force attacks.