Sharp Rise in Brute-Force Attacks Targets SonicWall and Fortinet Devices, Researchers Warn
Security researchers have observed a dramatic increase in brute-force attacks aimed at compromising SonicWall and Fortinet devices. According to a new report from Barracuda Networks, the vast majority of these attempts—88%—appear to originate from the Middle East. While many attacks were blocked, the trend signals a growing threat to perimeter security.
What Drives the Surge in Brute-Force Attacks?
Barracuda’s analysis reveals that most of these brute-force attacks were unsuccessful, either thwarted by security tools or targeting invalid usernames. However, the timing is noteworthy. The spike coincides with heightened US and Israeli hostilities against Iran, suggesting a possible geopolitical motive. Attackers may be routing traffic through Middle Eastern servers, but the pattern raises alarms about state-linked cyber activity.
In recent weeks, Iranian-affiliated hackers have targeted US critical infrastructure and medtech firms. The line between state-sponsored operations and financially motivated cybercrime continues to blur, as seen with the resurgence of the Pay2Key ransomware group.
Why Edge Devices Are Prime Targets
Edge devices like VPNs and firewalls from SonicWall and Fortinet are internet-facing yet provide direct access to corporate networks. This makes them attractive targets for brute-force attacks. Barracuda reports that over half (56%) of all confirmed incidents from February to March involved such attacks.
“Attackers are aggressively scanning and testing perimeter devices for weak or exposed credentials,” warns Laila Mubashar, senior cybersecurity analyst at Barracuda. “Even when attacks fail, persistent probing raises the risk that a single weak password or misconfiguration could lead to compromise.”
How to Protect Your Network
To defend against these threats, organizations should take immediate action:
- Enforce strong, unique passwords on all network and security devices.
- Enable multi-factor authentication (MFA) on all VPNs, firewalls, and remote access services.
- Monitor and investigate repeated failed login attempts.
- Restrict management interfaces to trusted IP ranges where possible.
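As an added illustration of the failed-login monitoring step (example code, not from Barracuda's report or either vendor), the sketch below flags any source address that produces a burst of failed logins and highlights a success that follows one. The key=value log format, the sample events, the threshold and the window are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical key=value format; real
# SonicWall/Fortinet logs differ and need their own parser.
SAMPLE_LOG = """\
2025-03-01T10:00:00 src=203.0.113.7 user=admin result=fail
2025-03-01T10:00:05 src=203.0.113.7 user=root result=fail
2025-03-01T10:00:09 src=198.51.100.20 user=jsmith result=fail
2025-03-01T10:00:11 src=203.0.113.7 user=vpnuser result=fail
2025-03-01T10:00:16 src=203.0.113.7 user=admin result=fail
2025-03-01T10:00:30 src=198.51.100.20 user=jsmith result=success
2025-03-01T10:00:41 src=203.0.113.7 user=vpnuser result=fail
2025-03-01T10:00:52 src=203.0.113.7 user=vpnuser result=success
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>fail|success)")

def parse(text):
    """Return (timestamp, src, user, result) tuples in time order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # silently skip lines that are not login events
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"]))
    return sorted(events)

def analyze(text, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(list)  # src -> [(ts, user)] failures still inside the window
    findings = {}
    for ts, src, user, result in parse(text):
        recent[src] = [(t, u) for t, u in recent[src] if ts - t <= window]
        if result == "fail":
            recent[src].append((ts, user))
            if len(recent[src]) >= threshold:
                f = findings.setdefault(
                    src, {"max_failures": 0, "users": set(), "success_after_burst": None})
                f["max_failures"] = max(f["max_failures"], len(recent[src]))
                f["users"].update(u for _, u in recent[src])
        elif src in findings and recent[src]:
            # A login that succeeds right after a burst is the case to investigate first.
            findings[src]["success_after_burst"] = user
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The `users` set separates a source hammering one account from one cycling through many usernames, and `success_after_burst` names the account whose credentials should be reset and whose session should be reviewed.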
The Rise of ClickFix Social Engineering Attacks
Alongside the brute-force attacks, Barracuda highlights a surge in ClickFix attacks. These social engineering schemes trick users into copying and executing malicious scripts under the guise of fixing a non-existent technical issue. Mubashar explains that such attacks exploit user trust and anxiety.
“Attackers use familiar elements like pop-ups, prompts, and instructions to run a fix,” she adds. “Because ClickFix attacks rely on duping users into adding malicious commands themselves, they are harder for automated security systems to spot.”
To mitigate this threat, organizations should improve end-user education, restrict who can run PowerShell or command-line tools, and deploy monitoring tools for unusual behavior.
Final Thoughts on the Growing Threat Landscape
The surge in brute-force attacks on SonicWall and Fortinet devices underscores the importance of robust perimeter security. As geopolitical tensions rise, attackers are becoming more persistent and sophisticated. By implementing strong authentication measures and educating users, organizations can reduce their risk of compromise.