Summary: The Black Basta ransomware operation has developed an automated brute-forcing tool named βBRUTEDβ that targets edge networking devices such as firewalls and VPNs. This framework enhances their ransomware attacks by providing streamlined access to vulnerable endpoints, with reports of increased credential-stuffing attacks throughout 2024. The tool has been designed to evade detection while significantly increasing attack efficiency on various remote-access products.
Affected: Edge Networking Devices (VPNs, Firewalls, etc.)
Keypoints :
- BRUTED automates credential stuffing and brute-force attacks on multiple VPN and remote-access products.
- The tool enumerates and targets publicly accessible devices, enhancing efficiency in identifying vulnerabilities.
- Defensive measures include enforcing strong passwords, using multi-factor authentication (MFA), and monitoring suspicious login attempts.