Widespread brute force / dictionary attacks overnight
We received notifications from literally every Internet facing firewall that we have deployed as well as a number of honeypot devices for failed login attempts from an IP Address 45.134.144.200. This IP Address is in the same network (45.134.144.0/24) that we've seen similar traffic from in the past and we have no indication of any legitimate traffic to or from that network in the past 12 months. If you manage one or more networks with Internet connectivity, it may be worth looking into this network range to see if there has been any traffic (or successful logins). For our MyIT clients, we had already blocked a few specific IP Addresses based on similar traffic in the past but are now updating all of our managed firewalls to block the entire…