
Analysis reveals mass scanning and exploitation campaigns



Trustwave cybersecurity researchers found a rise in "mass scanning, credential brute forcing, and exploitation attempts" coming from IP addresses linked to a Russian bulletproof hosting service provider, Proton66. The activity was detected on January 8, 2025, and has been targeting organizations globally.

Security leaders weigh in

Patrick Tiquet, Vice President, Security & Architecture at Keeper Security:

The broad range and depth of cyberattacks facilitated by Proton66 demonstrates why organizations need layered cybersecurity defenses. The activities stemming from Proton66 include vulnerability scanning, credential brute forcing, exploit attempts and phishing campaigns that mimic reputable WordPress sites, Google Play Store app listings and chat rooms.

Security and IT teams should view these threats as a stark reminder of the many methods by which attackers can target their organizations. Companies should also have security event monitoring in place to detect and analyze privilege escalations so that anomalous behavior can be detected and blocked. All organizations should take a proactive approach to regularly update all software and immediately patch vulnerabilities that are being actively exploited in the wild.

Strong identity management is essential in defending against brute force attacks by enforcing strong, unique passwords and implementing Multi-Factor Authentication (MFA). MFA adds another vital layer of security, making it significantly harder for attackers to gain access even if they crack a password. One of the most effective ways to protect sensitive systems is through Privileged Access Management (PAM), which ensures that high-risk accounts undergo regular password rotation. This reduces the window of opportunity for attackers to exploit stolen credentials.

Organizations should also ensure they have basic precautions including an endpoint protection platform, web filtering and email security in place. Best practices should also include regular employee education to limit the impact of human error. Employees should be trained to recognize phishing attempts, malicious attachments, suspicious links and other common threats.

Trey Ford, Chief Information Security Officer at Bugcrowd:

The internet can be a noisy neighborhood, and every now and then, we've found miscreants who don't care to vary their source IPs — for a variety of reasons. IP addresses aren't strong indicators, as varying scan sources is cheap — so this may speak to the effort level, professionalism, or funding level of the actors.

Clearly internet-exposed services need to be hardened, and patched ruthlessly — they're exposed and accepting requests from anywhere allowed… maintaining blocklists for IPs like this at scale is largely wasted energy.

The account brute forcing reminds us of the importance of maintaining velocity checks monitoring attempted login activity from singular IP addresses, netblocks and even user-agent strings. CAPTCHA tools vary in capability, so ultimately, we should be aiming to drive up the cost and complexity of attacker activity beyond the reach of lazy attack patterns like those being flagged here.
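The velocity checks Ford describes, keyed by source IP, by /24 netblock and by User-Agent, can be run over authentication logs as a sliding-window counter. The script below is an added example written for this page; it is not code from Trustwave, Bugcrowd or the quoted speakers. It assumes a simplified, constructed login-log format (timestamp, source IP, username, result, user agent), a 60-second window, and threshold values chosen for illustration; real deployments would parse their own log format and tune the thresholds to normal traffic.

```python
"""Sliding-window velocity checks on failed logins.

Keys every failed attempt three ways (source IP, /24 netblock, User-Agent)
and raises one alert per key the first time its failure count within the
window crosses the configured threshold. Keying by netblock and UA is what
catches a brute forcer that rotates through neighbouring addresses.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log (not real traffic). One event per line:
#   <ISO-8601 timestamp> <source IP> <username> <OK|FAIL> <user-agent>
# 203.0.113.0/24 is documentation space; the UA strings are illustrative.
SAMPLE_LOG = """\
2025-01-08T10:00:00 203.0.113.10 admin FAIL python-requests/2.31
2025-01-08T10:00:02 203.0.113.10 root FAIL python-requests/2.31
2025-01-08T10:00:03 203.0.113.11 admin FAIL python-requests/2.31
2025-01-08T10:00:04 203.0.113.12 admin FAIL python-requests/2.31
2025-01-08T10:00:05 203.0.113.13 test FAIL python-requests/2.31
2025-01-08T10:00:06 203.0.113.14 guest FAIL python-requests/2.31
2025-01-08T10:00:07 203.0.113.10 admin FAIL python-requests/2.31
2025-01-08T10:00:08 203.0.113.10 administrator FAIL python-requests/2.31
2025-01-08T10:00:09 203.0.113.10 admin FAIL python-requests/2.31
2025-01-08T10:00:30 198.51.100.7 alice FAIL Mozilla/5.0
2025-01-08T10:00:35 198.51.100.7 alice OK Mozilla/5.0
2025-01-08T10:05:00 203.0.113.10 admin FAIL python-requests/2.31
"""

WINDOW = timedelta(seconds=60)
# Illustrative thresholds (assumed, not from the article): failures per window.
THRESHOLDS = {"ip": 5, "netblock": 6, "user_agent": 8}


def parse_line(line):
    """Split one log line into its fields; the UA may contain spaces."""
    ts, ip, user, result, ua = line.split(" ", 4)
    return {"ts": datetime.fromisoformat(ts), "ip": ip, "user": user,
            "failed": result == "FAIL", "ua": ua}


def keys_for(event):
    """The three dimensions each failed attempt is counted under."""
    net = ipaddress.ip_network(f"{event['ip']}/24", strict=False)
    return {"ip": event["ip"], "netblock": str(net), "user_agent": event["ua"]}


def detect_bursts(lines, window=WINDOW, thresholds=THRESHOLDS):
    """Return (dimension, key, count, iso_timestamp) for each key that crosses
    its threshold inside the sliding window. Alerts once per key."""
    recent = defaultdict(deque)   # (dimension, key) -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if not ev["failed"]:
            continue                # only failures count toward velocity
        for dim, key in keys_for(ev).items():
            dq = recent[(dim, key)]
            dq.append(ev["ts"])
            # Drop attempts that have aged out of the window.
            while dq and ev["ts"] - dq[0] > window:
                dq.popleft()
            if len(dq) >= thresholds[dim] and (dim, key) not in alerted:
                alerted.add((dim, key))
                alerts.append((dim, key, len(dq), ev["ts"].isoformat()))
    return alerts


if __name__ == "__main__":
    for dim, key, count, when in detect_bursts(SAMPLE_LOG.splitlines()):
        print(f"{when} {dim}={key} {count} failures in {WINDOW.seconds}s")
```

On the sample above the netblock and User-Agent counters fire before the per-IP one does, which is the point of keying on more than the single address: the five rotating hosts in 203.0.113.0/24 would each stay under a per-IP limit on their own. The lone failure from 198.51.100.7 followed by a successful login never trips anything, and the straggler at 10:05:00 lands after the window has emptied.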


