Attack Traffic Caught by Honeypots Triples Over Six Months

The attack traffic recorded by F-Secure's global network of honeypots tripled from the last six months of 2018 to the first six months of 2019. In H2 2018, the network recorded 813 million attacks. In H1 2019, that figure leapt to 2.98 billion attacks.


Some of this increase will be down to a few additional honeypots added to the network, and improvements to their telnet and SMB plugins; but there's no doubt, writes F-Secure in an analysis (PDF) of the attack landscape, "given the continuing spread in infected IoT devices, the prevalence of Eternal Blue, and increasing numbers of DDoS attacks, that attack traffic is also simply on the increase."


Much of this traffic is down to two fundamental causes: the growing internet of things, and the continuing prevalence of SMB worms. "Attacks may come from any sort of connected computing device -- a traditional computer, malware infected smartwatch or IoT toothbrush can be a source," says F-Secure. 


Of the 2.9 billion hits, 2.1 billion were on TCP ports. The most common attack was against the telnet-related port 23. Telnet is still often used by IoT devices, and Mirai remains a prime cause. Earlier this week, Vulnerability-Lab disclosed zero-day flaws in Telestar Digital IoT radios. "We noticed an undocumented Telnet service on the standard port 23 on the said end devices during a port scan," said the researchers. "Since port forwarding was activated for all ports on this network, it could be addressed from the outside."


This led Bob Rudis, chief data scientist at Rapid7, to comment, "Organizations should not allow Telnet to be used as a means of device access or control either in development or in production in any way, shape or f ..
