- GreyNoise observes a 500% spike in scanning aimed at Palo Alto GlobalProtect and PAN-OS profiles
- 7% of the scanning IPs were malicious; most came from the United States and targeted systems in the USA and Pakistan
- Palo Alto found no evidence of compromise and remains confident in its Cortex XSIAM protection
Experts warn that someone appears to be going after a vulnerability in Palo Alto login portals.
Security researchers from GreyNoise said they observed a 500% increase in the number of IP addresses scanning for Palo Alto Networks GlobalProtect and PAN-OS profiles.
On average, about 200 IP addresses scan the various profiles across the internet, but on Friday, October 3, researchers saw more than 1,280.
Palo Alto remains safe
Such spikes are not unusual, but they are often a sign that a threat actor has discovered a vulnerability and is now mapping out potential victims.
GreyNoise also stated that of the IP addresses it saw, 7% are confirmed malicious and 91% are "suspicious".
Most of these IP addresses came from the United States, with notable minorities from the UK, the Netherlands, Canada and Russia. The targets are mainly located in the USA and Pakistan.
“Almost all activity was aimed at GreyNoise's emulated Palo Alto profiles (Palo Alto GlobalProtect, Palo Alto PAN-OS), suggesting that the activity is targeted in nature, probably derived from public (for example, Shodan, Censys) or attacker-originated scans,” the researchers said in their report.
At the same time, Palo Alto remains confident that its systems can withstand almost any onslaught. In a statement shared with BleepingComputer, the company said that it was investigating the reports and “did not find evidence” of compromise:
“Palo Alto Networks is protected by our own Cortex XSIAM platform, which stops 1.5 million new attacks daily and reduces 36 billion security events down to the most important threats to ensure the safety of our infrastructure. We remain confident in our robust security posture and our ability to protect our network,” the spokesperson told the publication.
Similar scans can be used to hunt for n-day vulnerabilities as well as zero-days.
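As an added example (not from the original article or from GreyNoise), a defender can watch for the same kind of spike in their own portal logs by counting distinct source IPs per day against a median baseline of earlier days. The log format, the `/global-protect/` path prefix, the thresholds and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed log format (constructed): "<YYYY-MM-DD> <source IP> <request path>"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\S+) (\S+)$")
PORTAL_PREFIX = "/global-protect/"  # assumed path prefix of the login portal

def daily_unique_sources(lines):
    """Map each day to the set of distinct source IPs that hit the portal."""
    per_day = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if m and m.group(3).startswith(PORTAL_PREFIX):
            per_day[m.group(1)].add(m.group(2))
    return per_day

def find_spikes(per_day, min_baseline_days=3, threshold_pct=300.0):
    """Flag days whose distinct-source count exceeds the median of earlier,
    non-flagged days by at least threshold_pct percent."""
    spikes, history = [], []
    for day in sorted(per_day):
        count = len(per_day[day])
        if len(history) >= min_baseline_days:
            base = median(history)
            increase = (count - base) / base * 100.0
            if increase >= threshold_pct:
                spikes.append((day, count, base, round(increase)))
                continue  # keep spike days out of the baseline
        history.append(count)
    return spikes

def build_sample():
    """Constructed sample: about 200 distinct sources a day, then 1280."""
    lines = []
    for day, n in [("2025-09-30", 195), ("2025-10-01", 200),
                   ("2025-10-02", 205), ("2025-10-03", 1280)]:
        for i in range(n):
            ip = f"198.18.{i // 250}.{i % 250 + 1}"  # benchmark-range addresses
            lines.append(f"{day} {ip} /global-protect/login.esp")
            lines.append(f"{day} {ip} /global-protect/login.esp")  # repeat hit
        lines.append(f"{day} 192.0.2.9 /index.html")  # not the portal, ignored
    return lines

if __name__ == "__main__":
    for day, count, base, pct in find_spikes(daily_unique_sources(build_sample())):
        print(f"{day}: {count} distinct sources vs baseline {base} (+{pct}%)")
```

Counting distinct sources rather than raw requests keeps a single noisy scanner from triggering the alert, and the median keeps one unusual day from skewing the baseline.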
Via BleepingComputer