Cyberattacks perpetrated against Finland skyrocketed in the days leading up to the July 16 Helsinki summit between President Donald Trump and Russian President Vladimir Putin -- the majority of which were attempts to brute force Internet of Things devices via SSH port 22, according to researchers from F5 Networks.
A recently published blog post from the company explains that the attackers were likely trying to use compromised IoT devices as "eyes and ears" to gather intel on the two world leaders and their staffers. The attacks began to spike in earnest on July 12 and reached their peak two days later.
F5 found that from July 14-16, 35 percent of cyberattacks against Finland originated from Chinese networks (the U.S. was next at 12 percent). In the preceding two-month period, when incidents were far less frequent, Chinese networks accounted for only 30 percent of the attacks on Finland.
Meanwhile, only seven percent of the July 14-16 attacks came from Russian networks, compared to 14 percent in the prior two months -- perhaps a sign that Russian hackers backed off due to Putin's presence at the summit.
Sixty-two percent of the July 14-16 cyberattacks against Finland attempted to abuse the SSH (Secure Shell) remote management port on IoT devices. "SSH is often used by IoT devices for 'secure' remote administration," the blog post explains. "The challenge is that the device credentials are typically vendor defaults and, as such, are routinely brute forced."
The next most commonly exploited protocols during the attacks were SMB (Server Message Block, 12 percent), SIP (Session Initiation Protocol, 10 percent) and HTTP (six percent). F5 notes that it has no evidence indicating that any of the attacks succeeded.
"It's not often in cybersecurity that we get to work with absolutes, but we've said it before: these kinds of brute force attacks are 100% avoidable," said Craig Riddell, senior solutions architect at SSH Communications Security. "Ephemeral access [allowing users limited, temporary access to a device or resource] is a real thing today, but we understand that not all businesses can be on the cutting edge at all times. Why not add in two-factor or multi-factor authentication or a hardened SSH key pair, for example...?"