- GreyNoise observes 500% increase in scans targeting Palo Alto GlobalProtect and PAN-OS profiles
- 7% of scanning IPs were malicious; most originated from the USA, targeting systems in the US and Pakistan
- Palo Alto found no compromise and remains confident in its Cortex XSIAM-driven defense
Experts have warned that someone appears to be sniffing for a vulnerability in Palo Alto Networks' login portals.
GreyNoise security researchers said they had observed an increase of 500% in IP addresses scanning for Palo Alto Networks GlobalProtect and PAN-OS profiles.
On an average Friday, about 200 IP addresses scanned for different profiles on the web, but on October 3, the researchers saw more than 1,280.
Palo Alto remains safe
Spikes like this are not unusual, but they are often a sign that a threat actor has discovered a vulnerability and is now mapping potential victims.
GreyNoise also said that of the IP addresses it saw, 7% are confirmed to be malicious and 91% are “suspicious”.
Most of these IP addresses came from the United States, with notable minorities coming from the UK, the Netherlands, Canada and Russia. Targets are mostly located in the US and Pakistan.
“Almost all activity was aimed at GreyNoise’s emulated Palo Alto profiles (Palo Alto GlobalProtect, Palo Alto PAN-OS), suggesting that the activity is targeted in nature, probably derived from public (e.g., Shodan, Censys) or attacker-originated scans fingerprinting Palo Alto devices,” said GreyNoise in its report.
At the same time, Palo Alto remains convinced that its systems can withstand almost any attack. In a statement shared with BleepingComputer, the company said it had looked into the reports and “found no evidence” of a compromise:
“Palo Alto Networks is protected by our own Cortex XSIAM platform, which stops 1.5 million new attacks daily and autonomously reduces 36 billion security events to the most critical threats to ensure that our infrastructure remains safe. We remain safe in our robust security position and our ability to protect our network,” the spokesman told the publication.
Scans like this can be used to hunt for n-day vulnerabilities, but also for zero-days.
Via BleepingComputer



