- GreyNoise observes a 500% increase in scans aimed at Palo Alto GlobalProtect and PAN-OS
- 7% of the scanning IPs were malicious; the majority originated in the US and targeted systems in the US
- Palo Alto found no evidence of compromise and continues to trust its defenses, powered by Cortex XSIAM
Experts have warned that someone appears to be probing Palo Alto Networks login portals for vulnerabilities.
GreyNoise's security researchers said they had observed a 500% increase in IP addresses scanning for Palo Alto Networks GlobalProtect and PAN-OS profiles.
On an average Friday, around 200 IP addresses scan for different profiles on the web, but on October 3, the researchers saw more than 1,280.
Palo Alto remains safe
Spikes like this are not unusual, but they are often a sign that a threat actor has discovered a vulnerability and is now mapping potential victims.
GreyNoise also said that of the IP addresses it saw, 7% are confirmed malicious and 91% “suspicious.”
Most of these IP addresses came from the US, and notable minorities came from the United Kingdom, the Netherlands, Canada and Russia. The targets are mainly in the United States and Pakistan.
“Almost all the activity was directed at GreyNoise's emulated Palo Alto profiles (Palo Alto GlobalProtect, Palo Alto PAN-OS), which suggests that the activity is targeted in nature, probably derived from public scanning (for example, Shodan, Censys) or originating from attackers fingerprinting Palo Alto devices,” GreyNoise said in its report.
At the same time, Palo Alto remains confident that its systems can withstand almost any attack. In a statement shared with BleepingComputer, the company said it investigated the reports and “found no evidence” of a compromise:
“Palo Alto Networks is protected by our own Cortex XSIAM platform, which stops 1.5 million new attacks daily and autonomously reduces 36 billion security events to the most critical threats to ensure that our infrastructure remains safe. We continue to trust our solid security posture and our ability to protect our network,” the spokesman told the publication.
Scans like this can be used to look for n-day vulnerabilities, but also zero-days.
Via BleepingComputer