Surge in Brute-Force Attacks Targeting SonicWall and Fortinet Devices
Severity: High (Score: 77.0)
Sources: Cybersecurity Dive, Infosecurity Magazine, blog.barracuda.com, SC World
Summary
In the first quarter of 2026, a significant increase in brute-force authentication attacks was reported, primarily targeting SonicWall and Fortinet FortiGate devices. According to Barracuda, approximately 90% of these attacks originated from the Middle East, with over half of all cyber incidents from February to March linked to these devices. The attacks coincide with heightened tensions following U.S. and Israeli military actions against Iran, leading to increased activity from Iran-nexus threat groups. While many of the brute-force attempts were unsuccessful, the persistent probing raises concerns about potential vulnerabilities. Security experts recommend implementing multifactor authentication and monitoring for failed login attempts to mitigate risks. The attacks highlight the ongoing threat to critical infrastructure and the blurred lines between state-sponsored and financially motivated cybercrime. Organizations are urged to bolster their defenses against these types of intrusions.
Key Points
- 90% of brute-force attacks are traced back to the Middle East, targeting SonicWall and Fortinet devices.
- Over half of all cyber incidents from February to March 2026 involved brute-force attacks on these systems.
- Security teams are advised to enforce multifactor authentication and monitor for failed login attempts.
Key Entities
- Brute Force (attack_type)
- Fortinet (company)
- SonicWall (company)
- Iran (country)
- Israel (country)
- Energy (industry)
- T1110 - Brute Force (mitre_attack)
- Fortinet FortiGate (platform)
- Pay2Key (ransomware_group)