- GreyNoise observes a 500% spike in scans targeting Palo Alto GlobalProtect and PAN-OS profiles
- 7% of the scanning IPs were malicious; most came from the United States, targeting systems in the United States and Pakistan
- Palo Alto found no evidence of compromise and remains confident in its defenses, powered by Cortex XSIAM
Experts have warned that someone appears to be probing Palo Alto Networks login portals for vulnerabilities.
GreyNoise security researchers said they observed a 500% increase in IP addresses scanning Palo Alto Networks GlobalProtect and PAN-OS profiles.
On an average Friday, around 200 IP addresses scan the various profiles on the web, but on October 3, researchers saw more than 1,280.
Palo Alto remains secure
Spikes like this are not unusual, but they are often a sign that a threat actor has discovered a vulnerability and is now mapping potential victims.
GreyNoise also said that of the IP addresses it had seen, 7% are confirmed as malicious and 91% “suspicious”.
Most of these IP addresses came from the United States, with notable minorities from the United Kingdom, the Netherlands, Canada and Russia. Targets are mainly located in the United States and Pakistan.
“Almost all activity was directed at the Palo Alto profiles emulated by GreyNoise (Palo Alto GlobalProtect, Palo Alto PAN-OS), suggesting that the activity is targeted in nature, probably derived from public (for example, Shodan, Censys) or attacker scans of Palo Alto,” said GreyNoise in its report.
At the same time, Palo Alto remains convinced that its systems can resist almost all attacks. In a statement shared with BleepingComputer, the company said it has investigated the reports and “found no evidence” of a compromise:
“Palo Alto Networks is protected by our own Cortex XSIAM platform, which stops 1.5 million new attacks daily and autonomously reduces 36 billion security events to the most critical threats to guarantee that our infrastructure remains secure. We remain confident in our solid security posture and our ability to protect our network,” the spokesperson told the publication.
Scans like this can be used to hunt for n-day vulnerabilities, but also for zero-days.
Via BleepingComputer