top of page

SSH, the "new" old target!

Updated: Apr 24

On 04/21, the biggest hacker movement ever seen in the history of HackNet was identified in search of a service.

The search for the SSH service had a sudden increase of more than 1,000x in relation to the traffic considered normal.

The service was searched for by more than 12,000 different IPs, coming from 127 countries, totaling 1,450,854 access attempts.

Top 10 countries by amount of attackers:

2130 United Kingdom

2050 Taiwan

1875 United States

698 Japan

571 Russia

451 South Korea

402 Australia

398 Italy

333 Canada

327 Argentina

Assuming that a service would not be so sought after if there were not a great possibility of carrying out some type of exploitation, NetSensor carried out an investigation into the exposure of this service on the Internet, reaching worrying results, although they should not surprise most security professionals.

Among the identified items we highlight:

  • A large number of service exposures, probably without the real need, either due to carelessness during implementation, or due to a poor choice of solution used to meet a specific demand.

  • Services allowing enumeration of available shares.

  • Most of the services exposed then in public Cloud networks

Will we see a new CVE involving some SSH implementation?

Is it just a search for already known vulnerabilities and/or weak/leaked credentials?

The fact is, if you have server(s) with SSH among the tens of millions existing on the internet today, you should be aware!

It may seem cliché, something trivial, but unfortunately it is not:

“Review unnecessary exposures of the SSH service”.

Although there are several vulnerabilities in services and market applications, the greatest vulnerabilities continue to be inserted by people, whether due to carelessness, lack of knowledge or short delivery times.

Read too:

13 views0 comments


Post: Blog2_Post
bottom of page