
Cyberattacks soared in Finland prior to Trump-Putin summit; IoT devices a major target

Cyberattacks perpetrated against Finland skyrocketed in the days leading up to the July 16 Helsinki summit between President Donald Trump and Russian President Vladimir Putin -- the majority of which were attempts to brute force Internet of Things devices via SSH port 22, according to researchers from F5 Networks.

A recently published blog post from the company explains that the attackers were likely trying to use compromised IoT devices as "eyes and ears" to gather intel on the two world leaders and their collective staffers. The attacks seriously began to spike on July 12 and reached their peak two days later.

F5 found that from July 14-16, 35 percent of cyberattacks against Finland originated from Chinese networks (the U.S. was next at 12 percent). In the preceding two-month period, when incidents were far less frequent, Chinese networks accounted for only 30 percent of the attacks on Finland.

Meanwhile, only seven percent of the July 14-16 attacks came from Russian networks, compared to 14 percent in the prior two months -- perhaps a sign that Russian hackers backed off due to Putin's presence at the summit.

Sixty-two percent of the July 14-16 cyberattacks against Finland attempted to abuse the SSH (Secure Shell) remote management port on IoT devices. "SSH is often used by IoT devices for 'secure' remote administration," the blog post explains. "The challenge is that the device credentials are typically vendor defaults and, as such, are routinely brute forced."

The next most commonly exploited protocols during the attacks were SMB (Server Message Block, 12 percent), SIP (Session Initiation Protocol, 10 percent) and HTTP (six percent). F5 notes that it has no evidence indicating that any of the attacks succeeded.

"It's not often in cybersecurity that we get to work with absolutes, but we've said it before: these kinds of brute force attacks are 100% avoidable," said Craig Riddell, senior solutions architect at SSH Communications Security. "Ephemeral access [allowing users limited, temporary access to a device or resource] is a real thing today, but we understand that not all businesses can be on the cutting edge at all times. Why not add in two-factor or multi-factor authentication or a hardened SSH key pair, for example...?"
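As an added illustration (not code from F5, SSH Communications Security or this article), the following Python sketch audits a device's SSH server configuration for the settings that leave password guessing possible. It assumes the device runs OpenSSH `sshd`; the function names and both sample configurations are constructed for this example.

```python
import re

# Defaults used when a keyword is absent (assumption: stock OpenSSH sshd).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password",
            "permitemptypasswords": "no", "kbdinteractiveauthentication": "yes",
            "usepam": "no"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global settings as sshd resolves them: the first value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # conditional Match blocks are not evaluated here
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def brute_force_findings(config_text):
    """List the keywords whose effective value still allows password guessing."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication")
    if s["kbdinteractiveauthentication"] == "yes" and s["usepam"] == "yes":
        findings.append("KbdInteractiveAuthentication")  # PAM can still prompt for a password
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin")
    if s["permitemptypasswords"] == "yes":
        findings.append("PermitEmptyPasswords")
    return findings

# Constructed sample: the later "no" is ignored because "yes" appears first.
WEAK = """\
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no   # has no effect
"""
# Constructed sample: key pairs only.
HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, brute_force_findings(text))
```

An empty configuration is still flagged, because OpenSSH enables password authentication unless it is explicitly turned off.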

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
