
Now Ransomware Attackers Can Brute Force Your VPNs And Firewalls
In a disturbing development that highlights the relentless evolution of ransomware attacks, a recent report has revealed that malicious actors have created a potent new tool to compromise enterprise systems. According to threat intelligence analysts at EclecticIQ, the Black Basta ransomware group has developed an automated brute force attack framework, dubbed “Bruted,” which can be used to target VPNs and firewalls.
The tool, written in PHP, employs specialized brute-force logic for each targeted platform. This includes tailored user-agent strings, endpoint paths, and success checks. The adaptability of Bruted allows attackers to systematically probe for weak or reused credentials across multiple enterprise environments, significantly expanding their potential victim pool and accelerating the monetization process.
Researchers have confirmed that the tool is capable of targeting a range of vendors and technologies, including SonicWall NetExtender, Palo Alto GlobalProtect, Cisco AnyConnect, Fortinet SSL VPN, Citrix NetScaler (Citrix Gateway), Microsoft RDWeb, and WatchGuard SSL VPN. This broad coverage underscores the severity of the threat posed by Bruted.
The tool’s functionality is alarming in its simplicity. It begins by automating subdomain enumeration and IP resolution for any given domain to scan for potentially valid hostnames and IP addresses. Any discovered hosts are then reported back to a remote command-and-control endpoint. Likely passwords from a remote server are combined with locally generated guesses to perform bulk authentication attempts.
To mitigate these ransomware attacks, it is essential that all devices are kept fully patched and up to date, password and login policies are strengthened, and unnecessary services and features are disabled.
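On the detection side, the bulk authentication attempts described above leave a recognizable pattern in VPN and firewall login logs. The following is an added example, not code from EclecticIQ's report or from any vendor: it flags a source address that fails logins for many different usernames in a short window, and raises a second alert when a login then succeeds from that source. The log format, field order and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed normalized format:
# ISO timestamp, source IP, username, outcome (FAIL or OK)
SAMPLE_LOG = """\
2025-03-14T02:00:01 203.0.113.7 alice FAIL
2025-03-14T02:00:03 203.0.113.7 bob FAIL
2025-03-14T02:00:05 203.0.113.7 carol FAIL
2025-03-14T02:00:07 203.0.113.7 dave FAIL
2025-03-14T02:00:09 203.0.113.7 erin FAIL
2025-03-14T02:00:11 203.0.113.7 svc_backup OK
2025-03-14T08:30:00 198.51.100.20 alice FAIL
2025-03-14T08:30:40 198.51.100.20 alice OK
2025-03-14T09:00:00 192.0.2.55 frank FAIL
2025-03-14T09:20:00 192.0.2.55 frank FAIL
"""

WINDOW = timedelta(minutes=10)
MIN_FAILURES = 5         # assumed threshold; tune per environment
MIN_DISTINCT_USERS = 3   # many usernames from one source suggests guessing

def is_burst(fails):
    """True when the in-window failures look like bulk credential guessing."""
    return (len(fails) >= MIN_FAILURES
            and len({user for _, user in fails}) >= MIN_DISTINCT_USERS)

def detect(log_text):
    """Return alerts as (source_ip, kind, username) tuples, in log order."""
    recent = defaultdict(deque)  # ip -> (timestamp, user) failures in window
    flagged, alerts = set(), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts_raw, ip, user, outcome = line.split()
        ts = datetime.fromisoformat(ts_raw)
        fails = recent[ip]
        while fails and ts - fails[0][0] > WINDOW:  # expire old failures
            fails.popleft()
        if outcome == "FAIL":
            fails.append((ts, user))
            if is_burst(fails) and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "bulk_guessing", None))
        elif is_burst(fails):
            # Valid login straight after a guessing burst: treat the
            # account as compromised and reset its credentials.
            alerts.append((ip, "success_after_burst", user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

This per-source view misses guessing that is spread across many addresses, so it complements rather than replaces account lockout and multi-factor authentication.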