A massive cyberattack is underway, and it’s growing fast. Nearly 2.8 million IP addresses are being used in a brute force attack targeting businesses. If successful, hackers can hijack networks, steal data, and launch even more attacks from inside a company’s system. We’ll explain how this is happening, and more importantly, how you can protect your network, as we sit down and sync up with Rocket IT’s weekly technology update.

In this episode, you’ll hear more about:

• A massive cyberattack targeting businesses worldwide.
• How hackers are using 2.8 million IPs in a large-scale brute force attack.
• How the attack is disguising itself as normal home network traffic.
• Why networking equipment are the main targets.
• How hackers can steal credentials, take control of systems, and disguise further attacks.
• Key steps to take to defend your systems.

Video Transcript

Brute force attacks are one of the oldest hacking techniques, but they’re still widely used because they simply work. Hackers try an overwhelming number of username and password combinations until they find the right one. It’s not a sophisticated method, but with enough time and computing power, even strong passwords can be cracked.

But this attack isn’t coming from a single source—it’s being carried out by a botnet, a network of compromised devices that have been taken over by hackers. These devices, often infected with malware, are being used without their owners even knowing. Instead of a few attackers trying to guess passwords, millions of infected devices are doing the work for them, making the attack incredibly difficult to stop.

Unlike traditional brute force attacks, which might come from a small set of suspicious IP addresses, this attack is being launched from nearly 2.8 million different IPs every single day. Many of these are coming from residential networks, meaning the traffic looks like it’s coming from ordinary home users rather than an organized attack. That makes it much harder for security systems to detect and block the activity.

The attack has been escalating for over a month, with most of the traffic originating from Brazil, followed by Turkey, Russia, Argentina, Morocco, and Mexico. But this isn’t a regional issue—it’s happening on a global scale, affecting businesses everywhere.

The focus of this attack is on edge security devices—firewalls, VPNs, and security gateways. These are the first line of defense for businesses, controlling who can access internal systems. If hackers break into these devices, they can monitor network traffic, steal sensitive data, and even reroute attacks through a company’s network to disguise their activities.

The devices being used in the attack are mostly compromised routers and IoT devices. These are commonly hijacked by malware and turned into attack tools, helping hackers carry out large-scale operations like this one.

Once hackers gain access, they can do serious damage. They might steal credentials, gain control over critical systems, or even sell access to other cybercriminals. In some cases, hacked devices are turned into proxy exit nodes, meaning hackers use them to disguise their location while launching further attacks. Since businesses generally have a strong reputation, traffic coming from inside an enterprise network is much harder to detect as malicious.

Stopping brute force attacks requires a strong defense. The most important step is to change default admin passwords to something long and unique. Hackers rely on weak credentials, and a strong password can make brute force attacks difficult.

Enabling multi-factor authentication is another critical step. Even if a hacker guesses the right password, MFA adds an extra layer of security, blocking unauthorized access. Businesses should also restrict remote access by setting up an allowlist of trusted IP addresses and disabling web admin interfaces if they’re not needed.

Finally, keeping security devices updated is essential. Many brute force attacks target outdated firmware with known vulnerabilities. Regularly applying security patches helps close these gaps before attackers can exploit them.

Cyberattacks like this one aren’t slowing down. They’re getting bigger, more complex, and harder to detect. A proactive IT partner, like rocket IT, can help businesses monitor their networks, strengthen security settings, and stay ahead of threats. For those looking to better secure their networks, contact Rocket IT using the link in this video’s description. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.