
Hackers intensify search for telnet service

Updated: Apr 24



At dawn yesterday, July 4th, HACKNET detected the biggest hacker movement it has ever seen in search of assets with the telnet service exposed on the Internet, with a volume about 3x greater than what was considered normal.


"Before we started to see this increase, we had about 1500 search detections for the service each day. The amount has been increasing over the last 45 days and as of yesterday, the number has reached almost 5500 detections."


What explains the increase?


The increase in hacker activity looking for the telnet service could have occurred for different reasons. Here are the main explanations for phenomena like this:


  1. Discovery of some new vulnerability in equipment with this service;

  2. Search for equipment with manufacturer's standard access credentials;

  3. Exploitation of IoT equipment for use in botnets, which can be used, for example, for DDoS attacks;

  4. Exploitation of IoT equipment for mining.


How did the detection take place?


Detection of hacker activity in search of the telnet service peaked in the early hours of the 4th of July, when several exploit attempts were identified from thousands of IP addresses around the world.

The detection relied on HACKNET, an Artificial Neural Network project focused on cyber security that collects, analyzes and catalogs information about hacking activities recently detected in different parts of the planet.

This information helps in identifying changing patterns in hacker movements and new services being targeted by these criminals.

From there, security analysts can make adjustments and take greater care with new targets that are being searched for on the Internet.


In addition, a summary of hacking activities is made available daily on the HACKNET website – including the services most sought after by hackers, the countries that generated the most hacking activities and the points where these activities were detected.


Recommendations


Our experts recommend taking some precautions, such as:


  1. Review unnecessary exposure of the service to the Internet and, where possible, disable the service;

  2. Identify existing access credentials, including on IoT equipment, and ensure that you have replaced any manufacturer's password with your own password and that it follows the recommendations for a strong password;

  3. Consider changing the telnet service to a more secure access service, such as SSH;

  4. Consider providing access through VPN instead of directly exposing it to the Internet.
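
One way to carry out the first recommendation on a Linux host, as an added example that is not HACKNET's code: it reads `ss -Htln` output and lists telnet listeners bound to anything other than loopback. It assumes iproute2's `ss` and telnet on its standard port 23; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list telnet listeners on this
# host that are reachable beyond loopback.
# Assumptions: Linux with iproute2; input is `ss -Htln` output, where field 4
# is the local address:port; telnet runs on its standard port 23.
TELNET_PORT=23

exposed_telnet_listeners() {
    awk -v port="$TELNET_PORT" '
        $1 == "LISTEN" {
            sock = $4
            n = split(sock, parts, ":")
            if (parts[n] != port) next            # not the telnet port
            addr = substr(sock, 1, length(sock) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)                 # drop %interface scope
            gsub(/^\[|\]$/, "", addr)             # drop IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print addr
        }'
}

# Returns 0 when nothing is exposed, 1 (and prints findings) otherwise.
check_telnet_exposure() {
    findings=$(exposed_telnet_listeners)
    [ -z "$findings" ] && return 0
    printf 'telnet listening on %s\n' $findings
    return 1
}

# Constructed sample input; on a real host run: ss -Htln | check_telnet_exposure
SAMPLE_SS_OUTPUT='LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 127.0.0.1:23 0.0.0.0:*
LISTEN 0 128 [::1]:23 [::]:*
LISTEN 0 128 [fe80::1]%eth0:23 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:2323 *:*'

printf '%s\n' "$SAMPLE_SS_OUTPUT" | check_telnet_exposure ||
    echo 'Disable telnet, or move access to SSH or behind a VPN.'
```

A listener bound only to loopback is not reported; a wildcard bind such as `0.0.0.0:23` still needs a firewall or router review to know whether it is reachable from the Internet.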


Want to stay updated on hacker moves?

Then follow the HACKNET information.
