In the days leading up to the recent meeting between US President Donald Trump and Russian President Vladimir Putin in Helsinki, Finland, researchers noticed a dramatic spike in attacks on IoT devices in the country. Most of the attacks came from China, the data showed.
The attacks reportedly sought access to devices that might leak intelligence, whether audio or visual, for Chinese perpetrators.
“The attacks launched from China came from networks that are commonly in our top 10 attacking networks list,” the researchers said.
According to the Office of the Counterintelligence Executive, China is “the world’s most active and persistent perpetrator of economic espionage.”
The top five ports leveraged were SSH, SMB, SIP, HTTP, and MySQL, of which SSH brute force attacks are the most common method used to exploit IoT devices online.
The modus operandi isn’t new; researchers knew exactly which hacking groups and techniques to look for, as they noticed the same trend during Trump’s visit to Singapore to meet with North Korean Supreme Leader Kim Jong-un on June 12.
“Between the Singapore and Finland attacks, some common protocols were targeted, such as SIP port 5060 that VoIP phones and video conferencing systems use (#3 in Finland attacks, #1 in Singapore attacks), SQL port 1433 (#6 in Finland attacks, #3 in Singapore attacks), and Telnet port 23, often used for remote administration of IoT devices (#3 in Finland attacks, #9 in Singapore attacks),” researchers said.
In the Finland attacks, SSH port 22 was the primary attack vector, followed by SMB port 445. IoT devices use SSH for “secure” remote administration but, when the vendor bakes in default credentials that are easy to crack through brute force attacks, the devices remain highly vulnerable to exploitation.
Not surprisingly, most salvos against Finland during the Trump-Putin meeting were brute force attacks, researchers said.
It’s hard to say if the hacks produced the intel the attackers were after – obtaining such evidence would require researchers to access the targeted systems, which would put them in the same boat as the hackers. In other words, it would be illegal.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsNovember 14, 2024
September 06, 2024