GlobalProtect VPN portals probed with 2.3 million scan sessions

Source: BleepingComputer

Author: Bill Toulas

URL: https://www.bleepingcomputer.com/news/security/globalprotect-vpn-portals-probed-with-23-million-scan-sessions/

ONE SENTENCE SUMMARY:

A coordinated campaign has sharply increased malicious scanning of Palo Alto Networks GlobalProtect VPN portals, raising security concerns.

MAIN POINTS:

  1. Malicious activity targeting GlobalProtect VPN surged 40-fold in one day.
  2. Activity began escalating on November 14, reaching a 90-day high.
  3. October saw a 500% increase in IPs scanning GlobalProtect, 91% suspicious.
  4. April reported 24,000 IPs targeting GlobalProtect, many suspicious.
  5. The surge is linked to previous campaigns via fingerprints and timing.
  6. Primary attacks originated from ASNs in Germany and Canada.
  7. 2.3 million sessions targeted VPN logins between November 14 and 19.
  8. Attacks focused on US, Mexico, and Pakistan users.
  9. 80% of scanning spikes precede new security flaw disclosures.
  10. February saw active exploitation of vulnerabilities in Palo Alto Networks products.

TAKEAWAYS:

  1. Coordinate security efforts to address escalating VPN portal threats.
  2. Track IP activity patterns to preempt future security disclosures.
  3. Recognize geographical attack concentration for better defense strategies.
  4. Identify imminent threats by examining historical scanning spikes.
  5. Utilize intelligence reports to inform security budget planning.
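
One way to act on takeaways 2 and 4, as an added example that is not from the article: flag any day whose login-portal session count is both a new high for the trailing window and a large multiple of the trailing median. The thresholds mirror the 40-fold surge and 90-day high in the main points; the event format, dates and IP addresses are constructed, and the function names are hypothetical.

```python
from collections import Counter
from datetime import date, timedelta
from statistics import median

WINDOW_DAYS = 90     # look-back period (the summary cites a 90-day high)
SURGE_FACTOR = 40.0  # multiple of baseline (the summary cites a 40-fold surge)

def daily_counts(events):
    """events: iterable of (date, source_ip) portal hits -> {date: session count}."""
    return Counter(day for day, _ip in events)

def find_spikes(counts, window=WINDOW_DAYS, factor=SURGE_FACTOR, min_history=14):
    """Return (day, sessions, baseline) for days that set a new window high
    and reach at least `factor` times the trailing median."""
    spikes, history = [], []
    if not counts:
        return spikes
    day, last = min(counts), max(counts)
    while day <= last:
        n = counts.get(day, 0)  # days with no events count as zero
        trailing = [c for d, c in history if (day - d).days <= window]
        if len(trailing) >= min_history:  # skip until a baseline exists
            base = max(median(trailing), 1)  # avoid a zero baseline on quiet portals
            if n > max(trailing) and n >= factor * base:
                spikes.append((day, n, base))
        history.append((day, n))
        day += timedelta(days=1)
    return spikes

def sample_events(spike_sessions=2300):
    """Constructed data: 30 quiet days, one surge day, one quiet day."""
    start = date(2025, 1, 1)  # arbitrary constructed start date
    events = []
    for i in range(32):
        sessions = spike_sessions if i == 30 else 50 + (i % 7)
        for s in range(sessions):
            # 203.0.113.0/24 is a documentation range, not real scanner IPs
            events.append((start + timedelta(days=i), f"203.0.113.{s % 254 + 1}"))
    return events

if __name__ == "__main__":
    for day, n, base in find_spikes(daily_counts(sample_events())):
        print(f"{day}: {n} sessions, {n / base:.0f}x trailing median of {base}")
```

A sustained surge is reported only on the day it sets the new high, so the alert marks the onset rather than repeating for each following day.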