Threat Intelligence

Palo Alto Networks login scans spike


More than 1,285 IP addresses scanned Palo Alto Networks login portals on Friday, a 500% increase from the usual number of scans. Of that activity, 97% was suspicious and the remainder was confirmed to be malicious, according to Security Affairs.

The U.S. accounted for most of the IP addresses conducting the scans, which primarily targeted Palo Alto Networks profiles on U.S. and Pakistani systems, suggesting targeted reconnaissance efforts, findings from GreyNoise showed. The scanning surge was underpinned by a TLS fingerprint linked to Dutch infrastructure also used in activity against Cisco Adaptive Security Appliances, said GreyNoise researchers.

"In addition to a possible connection to ongoing Cisco ASA scanning, GreyNoise identified concurrent surges across remote access services. While suspicious, we are unsure if this activity is related," noted researchers, who added that development of an improved dynamic IP blocklist is already underway.
