{"id":602,"date":"2025-03-15T22:47:07","date_gmt":"2025-03-16T03:47:07","guid":{"rendered":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/?p=602"},"modified":"2025-03-15T22:49:20","modified_gmt":"2025-03-16T03:49:20","slug":"vpns-are-under-attack","status":"publish","type":"post","link":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/blog\/vpns-are-under-attack\/","title":{"rendered":"They&#8217;re Not Knocking, They&#8217;re BUSTING In!"},"content":{"rendered":"<p style=\"text-align: center\"><span style=\"color: #ff0000\"><strong>They&#8217;re Not Knocking, They&#8217;re BUSTING In! Black Basta&#8217;s New Tool Makes Ransomware Attacks Even Easier<\/strong><\/span><\/p>\n<p>The ransomware threat continues to escalate, and the latest news reveals a significant leap in sophistication: the Black Basta gang has created &#8216;<span style=\"color: #ff0000\"><strong>BRUTED<\/strong><\/span>,&#8217; <span style=\"text-decoration: underline\"><strong>a framework that automates <span style=\"color: #ff0000;text-decoration: underline\">brute-force attacks<\/span> on critical network access points like <span style=\"color: #ff0000;text-decoration: underline\">VPNs<\/span>.<\/strong><\/span><\/p>\n<p>Think of your firewall and VPN as the heavily locked doors and security systems protecting your digital home. Brute-force attacks are like trying every possible key combination until they find the right one. Traditionally, this was a time-consuming process. 
But with BRUTED, Black Basta has created a master key generator, significantly speeding up their ability to break into vulnerable networks.<\/p>\n<p><span style=\"color: #ff0000\"><strong>What is BRUTED and Why Should You Care?<\/strong><\/span><\/p>\n<p>Discovered by researchers at EclecticIQ, BRUTED is a framework designed to systematically try countless username and password combinations against popular VPN and remote access products like <strong>SonicWall NetExtender<\/strong>, <strong>Palo Alto GlobalProtect<\/strong>, <strong>Cisco AnyConnect<\/strong>, <strong>Fortinet SSL VPN<\/strong>, <strong>Citrix NetScaler<\/strong>, <strong>Microsoft RDWeb<\/strong>, and <strong>WatchGuard SSL VPN<\/strong>.<\/p>\n<p>This automation allows Black Basta to:<\/p>\n<ul>\n<li><strong>Streamline initial network access:<\/strong> BRUTED can target multiple devices simultaneously instead of painstakingly trying individual logins.<\/li>\n<li><strong>Scale ransomware attacks:<\/strong> By quickly gaining access to more networks, Black Basta can launch more ransomware attacks, increasing their profit potential.<\/li>\n<\/ul>\n<p><span style=\"color: #ff0000\"><strong>Echoes of BRUTED in Recent Attacks: The 2024 Landscape<\/strong><\/span><\/p>\n<p>The discovery of <strong>BRUTED<\/strong> aligns with numerous reports of large-scale brute-forcing and password spray attacks targeting these devices throughout <strong>2024<\/strong>. While direct attribution can be tricky, security experts believe tools like BRUTED or similar automated frameworks were likely behind many of these incidents.<\/p>\n<p>While specific dollar value losses directly linked to <strong>BRUTED<\/strong> are still emerging, the overall cost of ransomware attacks in 2024 was staggering. For instance, a report by Chainalysis <span style=\"color: #ff0000\">estimated that ransomware payments reached <\/span><strong><span style=\"color: #ff0000\">over $1.1 billion in 2023<\/span><\/strong>. 
While 2024 data is still being finalized, early indicators suggest a continued high level of activity and significant financial impact.<\/p>\n<p>One notable incident in <strong>October 2024<\/strong> saw <span style=\"color: #ff0000\"><strong>a major healthcare provider<\/strong><\/span> suffer a significant ransomware attack that disrupted services for weeks, costing an estimated <span style=\"color: #ff0000\"><strong>tens of millions of dollars<\/strong> in recovery and lost revenue<\/span>. While the exact entry point wasn&#8217;t publicly confirmed as a brute-force attack using a tool like BRUTED, the timing and focus on network access devices make it a concerning parallel. Similarly, in <span style=\"color: #ff0000\"><strong>July 2024<\/strong><\/span>, <span style=\"color: #ff0000\">a large manufacturing company experienced a crippling ransomware attack that halted production,<\/span> with recovery costs projected to be in the <strong>millions of dollars<\/strong>. These examples highlight the severe financial consequences that can arise when threat actors successfully breach network defenses.<\/p>\n<p><span style=\"color: #ff0000\"><strong>Insurance Companies Tightening the Screws<\/strong><\/span><\/p>\n<p>The escalating frequency and cost of ransomware attacks are forcing insurance companies to become increasingly strict with their cybersecurity requirements for policy renewals. <span style=\"text-decoration: underline;color: #ff0000\"><strong>Many are now mandating<\/strong><\/span>:<\/p>\n<ul>\n<li><strong><span style=\"color: #ff0000\">Multi-Factor Authentication (MFA)<\/span>:<\/strong> This is becoming a non-negotiable requirement for accessing sensitive systems, especially VPNs and remote access points.<\/li>\n<li><strong><span style=\"color: #ff0000\">Strong and Unique Passwords<\/span>:<\/strong> Generic or easily guessable passwords are no longer acceptable. 
Insurers are often looking for evidence of robust password management policies.<\/li>\n<li><strong><span style=\"color: #ff0000\">Regular Security Audits and Penetration Testing<\/span>:<\/strong> Companies must demonstrate that they proactively identify and address system vulnerabilities.<\/li>\n<li><strong><span style=\"color: #ff0000\">Endpoint Detection and Response (EDR) Solutions<\/span>:<\/strong> These advanced security tools provide real-time monitoring and threat detection capabilities.<\/li>\n<li><strong><span style=\"color: #ff0000\">Incident Response Plans<\/span>:<\/strong> A well-defined plan for handling security incidents is crucial for minimizing the impact of an attack.<\/li>\n<\/ul>\n<p>Failure to meet these stricter requirements can lead to higher premiums, reduced coverage, or even the outright refusal of policy renewal. Insurance companies recognize prevention is far more cost-effective than paying out hefty ransomware demands and recovery costs.<\/p>\n<p><span style=\"color: #ff0000\"><strong>What Can You Do to Protect Yourself?<\/strong><\/span><\/p>\n<p>The good news is that the defense strategies against brute-force attacks are well-established. <strong>Here&#8217;s what you need to do <em>today<\/em><\/strong>:<\/p>\n<ul>\n<li><strong><span style=\"color: #ff0000\">Enforce Strong, Unique Passwords<\/span>:<\/strong> This is your first line of defense. Use a password manager to create and store complex passwords for all your accounts, especially those accessing your network remotely.<\/li>\n<li><strong><span style=\"color: #ff0000\">Implement Multi-Factor Authentication (MFA)<\/span>:<\/strong> This adds an extra layer of security, requiring a second verification step (like a code from your phone) even if a password is compromised. 
Enable MFA on all VPN and remote access accounts.<\/li>\n<li><strong><span style=\"color: #ff0000\">Monitor for Suspicious Activity<\/span>:<\/strong> Watch for login attempts from unusual locations or a high volume of failed login attempts. Implement rate-limiting and account lockout policies to block repeated failed attempts automatically.<\/li>\n<li><strong><span style=\"color: #ff0000\">Keep Your Systems Updated<\/span>:<\/strong> Regularly apply security updates to your VPN devices, firewalls, and all other network infrastructure. These updates often patch vulnerabilities that attackers can exploit.<\/li>\n<li><strong><span style=\"color: #ff0000\">Consider Threat Intelligence<\/span>:<\/strong> Utilize the list of IPs and domains associated with BRUTED (shared by EclecticIQ) to create firewall rules and block potentially malicious traffic.<\/li>\n<li><strong><span style=\"color: #ff0000\">Educate Your Employees<\/span>:<\/strong> Human errors are a significant factor in many cyberattacks. Train your employees to recognize phishing attempts and other social engineering tactics.<\/li>\n<\/ul>\n<p><span style=\"color: #ff0000\"><strong>Don&#8217;t Wait Until It&#8217;s Too Late!<\/strong><\/span><\/p>\n<p>The emergence of tools like BRUTED highlights the relentless nature of cyber threats. Taking proactive steps to strengthen your defenses is no longer optional \u2013 it&#8217;s necessary for survival in today&#8217;s digital world. Don&#8217;t let your organization become the next victim of a ransomware attack.<\/p>\n<p><span style=\"color: #ff0000\"><strong>What Can YOU Do? <\/strong><\/span><\/p>\n<p><span style=\"color: #ff00ff\"><em><strong>Review your organization&#8217;s VPN and remote access security protocols today. Implement multi-factor authentication, enforce strong passwords, and ensure your systems are up to date. 
Share this blog post with your network to raise awareness about this growing threat.<\/strong><\/em><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>They&#8217;re Not Knocking, They&#8217;re BUSTING In! Black Basta&#8217;s New Tool Makes Ransomware&#8230;<\/p>\n","protected":false},"author":217,"featured_media":603,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[66,67,73,31,21,25,70,57,72,71,54,69,74,65,68],"class_list":["post-602","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-blackbasta","tag-bruted","tag-bruteforceattack","tag-cmitsolutions","tag-cybersecurity","tag-cyberthreats","tag-datasecurity","tag-infosec","tag-mfa","tag-passwordsecurity","tag-ransomware","tag-security","tag-staysafeonline","tag-threatintelligence","tag-vpn"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/posts\/602","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/users\/217"}],"replies":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/comments?post=602"}],"version-history":[{"count":0,"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/posts\/602\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/media\/603"}],"wp:atta
chment":[{"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/media?parent=602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/categories?post=602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cmitsolutions.com\/piscataway-nj-1178\/wp-json\/wp\/v2\/tags?post=602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}