Researchers Spot Surge in Brute-Force Attacks from Middle East
Brute-Force Attacks Surge Against Edge Devices
Security researchers at Barracuda have detected a sharp rise in brute-force login attempts targeting SonicWall and Fortinet devices. The attacks overwhelmingly originate from the Middle East, with 88% of traffic traced to the region. Over half of all confirmed incidents from February to March 2026 involved this type of perimeter device probing.
Most attempts were blocked outright by security tools or aimed at invalid usernames. But the persistence matters. As Barracuda analyst Laila Mubashar warned: even when attacks fail, persistent probing raises the risk that a single weak password or misconfiguration leads to full compromise.
Geopolitical Context
The timing lines up with ongoing US and Israeli hostilities against Iran. Iranian-affiliated hackers have been linked to recent attacks on US critical infrastructure providers and medtech firms. The Pay2Key ransomware group has also resurfaced. Whether these brute-force attempts are state-backed or the work of opportunistic criminals routing through Middle Eastern infrastructure, the effect is the same: edge devices are under heavy pressure.
Why Edge Devices Are the Target
VPN gateways and firewall appliances from vendors like SonicWall and Fortinet are internet-facing by design but also provide a foothold inside corporate networks. A compromised edge device gives attackers direct access past perimeter defenses. This makes them high-value targets for both espionage and ransomware operations.
Organizations running these devices should enforce strong, unique passwords on all network appliances, enable multi-factor authentication on VPNs and remote access services, monitor repeated failed login attempts, and restrict management interfaces to trusted IP ranges.
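The monitoring recommendation above can be sketched as a sliding-window detector. This is an added example, not code from Barracuda or from either vendor; the log layout, the `detect` function, the threshold and the window are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a generic "timestamp src_ip user result" layout.
# This is NOT a SonicWall or Fortinet log format; map your appliance's fields to it.
SAMPLE_LOG = """\
2026-03-02T10:00:01 203.0.113.7 admin FAIL
2026-03-02T10:00:04 203.0.113.7 root FAIL
2026-03-02T10:00:09 203.0.113.7 support FAIL
2026-03-02T10:00:15 203.0.113.7 vpnuser FAIL
2026-03-02T10:00:21 203.0.113.7 jsmith FAIL
2026-03-02T10:00:30 203.0.113.7 jsmith OK
2026-03-02T10:03:00 198.51.100.20 alice FAIL
2026-03-02T10:03:20 198.51.100.20 alice OK
2026-03-02T11:30:00 203.0.113.7 admin FAIL
"""

def parse(line):
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result

def detect(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (kind, src_ip, timestamp_str, detail) tuples."""
    recent = defaultdict(deque)   # src_ip -> (time, user) of recent failures
    bursting = set()              # sources currently at or above threshold
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = parse(line)
        q = recent[src]
        # Drop failures that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) < threshold:
            bursting.discard(src)
        if result == "FAIL":
            q.append((ts, user))
            if len(q) >= threshold and src not in bursting:
                bursting.add(src)  # alert once per burst, not once per failure
                users = len({u for _, u in q})
                alerts.append(("BRUTE_FORCE", src, ts.isoformat(), f"{len(q)} failures, {users} usernames"))
        elif src in bursting:  # success straight after a burst: possible guessed password
            alerts.append(("SUCCESS_AFTER_BURST", src, ts.isoformat(), f"user={user}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second alert type is the one to triage first: a successful login from a source that was just failing across several usernames is the "single weak password" case the article describes.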
ClickFix Attacks Also on the Rise
Barracuda flagged another growing threat: ClickFix social engineering attacks, in which users are tricked into copying and running a malicious script to fix a fake technical issue. These attacks are harder for automated security systems to detect because the user executes the payload themselves. Organizations should restrict who can run PowerShell and command-line tools, and invest in end-user security awareness training.
WAFplanet Take
Brute-force attacks against edge devices are not new, but the scale and geographic concentration here are notable. If you are running SonicWall or Fortinet appliances, audit your login policies today. MFA on management interfaces is table stakes. A Web Application Firewall with rate limiting and bot detection adds another layer that can throttle these attacks before they reach your authentication systems. Solutions like Cloudflare, Imperva, and Barracuda WAF all offer brute-force protection capabilities. The geopolitical dimension makes this more urgent, but the fundamentals are the same: do not expose weak credentials to the internet.