On 04/21, HackNet identified the biggest hacker movement in its history, all in search of a single service.
Searches for the SSH service suddenly increased to more than 1,000x the traffic considered normal.
More than 12,000 different IPs from 127 countries searched for the service, totaling 1,450,854 access attempts.
Top 10 countries by number of attackers:
2130 United Kingdom
2050 Taiwan
1875 United States
698 Japan
571 Russia
451 South Korea
402 Australia
398 Italy
333 Canada
327 Argentina
Assuming that a service would not be so sought after unless there were a strong possibility of exploiting it, NetSensor investigated the exposure of this service on the Internet. The results are worrying, although they should not surprise most security professionals.
Among the findings, we highlight:
A large number of exposed services, probably without any real need, whether through carelessness during implementation or a poor choice of solution to meet a specific demand.
Services allowing enumeration of available shares.
Most of the exposed services are in public cloud networks.
Will we see a new CVE involving some SSH implementation?
Is it just a search for already known vulnerabilities and/or weak/leaked credentials?
The fact is, if you have one or more servers running SSH among the tens of millions on the Internet today, you should be alert!
It may seem cliché, something trivial, but unfortunately it is not:
“Review unnecessary exposures of the SSH service”.
Although there are several vulnerabilities in services and commercial applications, the greatest vulnerabilities continue to be introduced by people, whether through carelessness, lack of knowledge or short delivery deadlines.
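One way to start that review on a host running OpenSSH, as an added example that is not part of the original post: the script below reads the effective server configuration as printed by `sshd -T` and flags listeners bound to all interfaces or public addresses, plus password and root logins. The sample input is constructed, and the function names and finding texts are hypothetical.

```python
import ipaddress

# Constructed sample of `sshd -T` output (the effective OpenSSH server config).
SAMPLE_SSHD_T = """\
port 22
listenaddress 0.0.0.0:22
listenaddress [::]:22
permitrootlogin yes
passwordauthentication yes
"""

def parse_sshd_t(text):
    """Parse 'keyword value' lines into {keyword: [values]} (keywords repeat)."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg.setdefault(key.lower(), []).append(value.strip())
    return cfg

def listen_host(addr):
    """Return the host part of 'host:port' or '[v6]:port'."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    host, sep, port = addr.rpartition(":")
    return host if sep and ":" not in host and port.isdigit() else addr

def audit(cfg):
    """Return findings (hypothetical wording) for exposure and credential risk."""
    findings = []
    for addr in cfg.get("listenaddress", []):
        try:
            ip = ipaddress.ip_address(listen_host(addr))
        except ValueError:
            findings.append(f"listen address not an IP, check manually ({addr})")
            continue
        if ip.is_unspecified:
            findings.append(f"listens on all interfaces ({addr})")
        elif ip.is_global:
            findings.append(f"listens on a public address ({addr})")
    if cfg.get("passwordauthentication", [""])[-1] == "yes":
        findings.append("password authentication enabled")
    if cfg.get("permitrootlogin", [""])[-1] == "yes":
        findings.append("root login permitted, including by password")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_sshd_t(SAMPLE_SSHD_T)):
        print("REVIEW:", finding)
```

On a real server, replace the sample with the output of `sshd -T`, which normally has to be run as root.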