A weeks-long brute force attack campaign by malicious actors has reached mammoth proportions, according to a non-profit security organization. The Shadowserver Foundation reports that the campaign, which has been ongoing since January, involves as many as 2.8 million IP addresses daily, targeting VPN devices, firewalls, and gateways from vendors like Palo Alto Networks, Ivanti, and SonicWall.

“The recent wave of brute force attacks targeting edge security devices, as reported by Shadowserver, is a serious concern for cybersecurity teams,” said Brent Maynard, senior director for security technology and strategy at Akamai Technologies, a content delivery network service provider in Cambridge, Mass.

“What makes this attack stand out is both its scale — millions of unique IPs attempting access daily — and the fact that it’s hitting critical security infrastructure like firewalls, VPNs, and secure gateways,” Maynard said.

Massive Botnet Threat Escalates

“This type of botnet activity is not new. However, the scale is worrisome,” observed Thomas Richards, a network and red team practice director at Black Duck Software, an applications security company in Burlington, Mass.

“Depending on the type of device compromised, the attackers could leverage their access to disable internet access to the organization, disrupt networks communicating or facilitate their own access inside the network,” Richards said.

Credential-Based Attacks Overwhelm Defenses

Kris Bondi, CEO and co-founder of Mimoto, a threat detection and response company in San Francisco, asserted that the campaign exposed by Shadowserver highlights the vulnerability of credentials.

“Brute force attacks are automated, so they’re implemented at scale,” Bondi said. “It’s not a question of if they can get in with this approach. The question is how many times the organization will be penetrated this way, and will the security team know when it happens.”

AI’s Role in Cyberattack Defense

While artificial intelligence contributes to the rise in brute force attacks, it may also help foil them. “AI has the potential to be a game-changer in defending against brute force and credential stuffing attacks,” Maynard said.

He noted that security teams are using AI-driven solutions to detect anomalies, analyze behavior, and automate responses to attacks.

Jason Soroko, senior vice president of product at Sectigo, a global digital certificate provider, acknowledged that AI could help defenses by detecting anomalous login patterns and throttling suspicious activity in real time.