Palo Alto Networks Under Siege: 500% Spike in Suspicious Scans Raises Eyebrows!

Brace yourselves, IT folks! A surge in suspicious scans is rattling Palo Alto Networks login portals. Cybersecurity firm GreyNoise reports a whopping 500% rise in IP addresses homing in on GlobalProtect and PAN-OS profiles. If your system were a cat, it would definitely be hissing by now! Keep those firewalls purring.

Hot Take:

Looks like Palo Alto Networks’ login portals are getting more attention than a cat meme on the internet! With a 500% increase in suspicious scans, it seems like cybercriminals are throwing a party, and everyone’s invited…except the security teams, of course. Better lock those doors, folks, because these IP addresses are creeping in like your nosy neighbor peeking through your window blinds!

Key Points:

  • GreyNoise reports a 500% spike in scans targeting Palo Alto Networks GlobalProtect and PAN-OS profiles.
  • On October 3, over 1,285 unique IPs were identified in the activity, up from the usual 200.
  • Most suspicious IPs are based in the U.S., with smaller groups in the U.K., Netherlands, Canada, and Russia.
  • GreyNoise classifies 91% of the IP addresses as suspicious and another 7% as malicious.
  • Grafana also saw increased exploitation attempts of an old path traversal vulnerability (CVE-2021-43798).

Guess Who’s Coming to Hack?

Palo Alto Networks is the latest darling of the cyber underworld, with researchers observing a dramatic 500% surge in suspicious scans. The activity reached its zenith on October 3, when over 1,285 unique IP addresses were found trying to crash the virtual party, way above the typical 200 that usually show up. Most of these digital gatecrashers are based in the U.S., though it seems like a few international party poopers from the U.K., the Netherlands, Canada, and Russia decided to RSVP as well.

The IP Address Conspiracy

In this episode of “Attack of the IPs,” GreyNoise reveals that 91% of the IP addresses were up to no good, while another 7% were downright malicious. Turns out, these cyber sleuths have been directing their detective work towards Palo Alto’s GlobalProtect and PAN-OS profiles, presumably after getting inspired by public tools like Shodan or Censys. And just like a good whodunit, the plot thickens with clusters focusing on both the U.S. and Pakistan, each with their own distinct TLS fingerprints but also some overlapping elements.

Zero-Day Doom and Gloom

GreyNoise, the cybersecurity Cassandra, has been crying wolf about the ominous signs of impending attacks. They’ve previously pointed out how a spike in network scans often precedes exploitation of zero-day or n-day vulnerabilities. Just ask Cisco ASA devices, which found themselves in a similar pickle, only to have their fears confirmed with a zero-day vulnerability attack shortly after. However, when it comes to Palo Alto Networks, the correlation isn’t as strong. So, there’s still hope that this isn’t the start of a disaster movie.

The Grafana Drama

Not to be outdone, Grafana is also feeling the heat from the cyber community. Researchers have detected a flare-up in exploitation attempts on an old path traversal vulnerability (CVE-2021-43798). These attacks, mostly hailing from Bangladesh, have been making waves since September 28, targeting systems in the U.S., Slovakia, and Taiwan. The attacks seem consistent enough to suggest they’re automated, which is either efficient or just lazy, depending on your point of view.

The Cybersecurity Checklist

So, what are the good folks at GreyNoise recommending? Well, for starters, administrators should ensure their Grafana instances are patched against CVE-2021-43798. They’ve also put together a most-wanted list of 110 malicious IP addresses that need to be blocked faster than a bad ex on social media. And for the grand finale, administrators should delve into their logs for any evidence of path traversal requests that might have returned sensitive files. It’s like a treasure hunt, but with fewer doubloons and more digital headaches.
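The log review in that last step, as an added example (not code from GreyNoise, Grafana, or this article): a small Python scanner that walks constructed web-server access-log lines, decodes percent-encoding (including the double-encoded variety), and reports directory-climbing requests that came back with a 200, since those are the ones that may actually have handed over a file.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the common access-log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [28/Sep/2025:10:01:02 +0000] "GET /api/health HTTP/1.1" 200 15
203.0.113.11 - - [28/Sep/2025:10:01:03 +0000] "GET /assets/../../../../etc/passwd HTTP/1.1" 200 1324
203.0.113.12 - - [28/Sep/2025:10:01:04 +0000] "GET /assets/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 29
203.0.113.13 - - [28/Sep/2025:10:01:05 +0000] "GET /assets/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 200 880
203.0.113.14 - - [28/Sep/2025:10:01:06 +0000] "GET /login HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A ".." path segment, i.e. an attempt to climb out of the served directory.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def normalize_path(raw):
    """Undo up to two layers of percent-encoding so hidden dots and slashes become visible."""
    path = raw
    for _ in range(2):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def find_traversal_hits(log_text, success_only=True):
    """Return (ip, status, decoded_path) for requests whose decoded path climbs directories.

    With success_only=True only 200 responses are reported: a traversal that was
    rejected with 404 is noise, one that returned 200 deserves a closer look.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = normalize_path(m.group("path"))
        if not TRAVERSAL_RE.search(path):
            continue
        status = int(m.group("status"))
        if success_only and status != 200:
            continue
        hits.append((m.group("ip"), status, path))
    return hits


if __name__ == "__main__":
    for ip, status, path in find_traversal_hits(SAMPLE_LOG):
        print(f"{ip} got {status} for {path}")
```

Point it at a real log by reading the file into `find_traversal_hits`; the pattern is deliberately encoding-agnostic, so a hit list is a starting point for review, not proof that a file left the box.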

In conclusion, while cybercriminals might be having a field day scanning Palo Alto Networks and poking around Grafana vulnerabilities, cybersecurity teams are left to play defense and keep the digital fortresses secure. It’s a cat-and-mouse game, and the stakes have never been higher. So, sharpen those virtual swords and prepare for battle, because the world of cybersecurity is as unpredictable as ever!

The Nimble Nerd