Now Ransomware Attackers Can Brute Force Your VPNs And Firewalls

Recent warnings from the FBI highlight the evolving strategies of ransomware groups, with the Black Basta group integrating automated brute-force attacks into their operations. A report by cyber threat analyst Arda Büyükkaya reveals a new framework called BRUTED, used to automate attacks on enterprise VPNs and firewalls by leveraging stolen credentials. This tool allows attackers to systematically probe for weak spots in corporate networks, targeting technologies from vendors like SonicWall, Palo Alto, Cisco, and more. The automation and scalability of these attacks expand the potential victim pool and accelerate ransomware deployment.
The implications of this development are significant, as it underscores the persistent threat of ransomware groups adapting their tactics to breach enterprise defenses. BRUTED represents a highly adaptable threat, capable of exploiting weak or reused credentials across various platforms. To counter these threats, Büyükkaya suggests organizations ensure devices are fully patched, strengthen password policies, and disable unnecessary services. This story emphasizes the need for heightened vigilance and robust cybersecurity measures in the face of increasingly sophisticated adversaries.
RATING
The article provides a detailed and largely accurate account of the methods used by ransomware groups like Black Basta, focusing on the technical aspects of their attacks. It effectively highlights the significance of the BRUTED framework and its implications for cybersecurity, making it a timely and relevant piece. However, the article could benefit from additional sources and perspectives to enhance its balance and source quality. While the technical content is well-explained, simplifying some of the language could improve readability for a broader audience. Overall, the article successfully raises awareness of a critical issue, offering valuable insights into the evolving threat landscape of ransomware attacks.
RATING DETAILS
The article presents several factual claims about ransomware attacks, particularly focusing on the Black Basta group and their use of automated brute force attacks. The main claims align with known cybersecurity reports, which provide a solid basis for the article's assertions. For example, the description of the BRUTED framework used by Black Basta is consistent with cybersecurity analysis, which confirms its use in credential-stuffing attacks against VPNs and firewalls. However, the article mentions FBI warnings without specific references, which could be a point needing further verification. Overall, the article is largely accurate, but some claims would benefit from additional sourcing or citations.
The article predominantly focuses on the technical aspects of ransomware attacks, particularly those associated with the Black Basta group. It provides a detailed look at the methods used by these attackers, which is crucial for understanding the threat landscape. However, the article could be more balanced by including perspectives from cybersecurity professionals or organizations on how these threats are being countered. The focus is heavily on the threat itself, with less emphasis on the broader context or potential solutions, which could provide a more rounded view.
The article is well-structured and uses clear language to explain complex cybersecurity concepts, making it accessible to a general audience. The logical flow from the introduction of the threat to the specific details about the BRUTED tool helps readers understand the significance of the issue. However, some technical jargon, such as 'credential stuffing' and 'edge network devices,' might require further explanation for readers unfamiliar with cybersecurity terminology. Overall, the article maintains a neutral tone and effectively communicates its main points.
The article references research by Arda Büyükkaya, a cyber threat intelligence analyst at EclecticIQ, which lends credibility to its claims. However, it lacks a diversity of sources, relying heavily on the findings from a single report. Including additional sources, such as statements from affected companies, law enforcement agencies, or independent cybersecurity experts, would enhance the article's reliability and depth. The reliance on a single source could introduce bias or limit the scope of the information presented.
The article provides a clear explanation of the BRUTED framework and its implications for cybersecurity, which aids transparency. However, there is a lack of detail regarding the methodology used to obtain the information, particularly concerning the leaked chat logs from the Black Basta group. Additionally, the article does not disclose any potential conflicts of interest or affiliations that might affect the reporting. Greater transparency about the sources and methods used to gather information would improve the article's credibility.