Cyber-attacks perpetrated against Finland skyrocketed in the days leading up to the 16 July Helsinki summit between President Donald Trump and Russian President Vladimir Putin -- the majority of which were attempts to brute force Internet of Things devices via SSH port 22, according to researchers from F5 Networks.
A recently published blog post from the company explains that the attackers were likely trying to use compromised IoT devices as "eyes and ears" to gather intel on the two world leaders and their collective staffers. The attacks began to spike sharply on 12 July and reached their peak two days later.
F5 found that from 14-16 July, 35 percent of cyber-attacks against Finland originated from Chinese networks (the US was next at 12 percent). In the preceding two-month period, when incidents were far less frequent, Chinese networks accounted for only 30 percent of the attacks on Finland.
Meanwhile, only seven percent of the 14-16 July attacks came from Russian networks, compared to 14 percent in the prior two months -- perhaps a sign that Russian hackers backed off due to Putin's presence at the summit.
Sixty-two percent of the 14-16 July cyber-attacks against Finland attempted to abuse the SSH (Secure Shell) remote management port on IoT devices. "SSH is often used by IoT devices for 'secure' remote administration," the blog post explains. "The challenge is that the device credentials are typically vendor defaults and, as such, are routinely brute forced."
The next most commonly exploited protocols during the attacks were SMB (Server Message Block, 12 percent), SIP (Session Initiation Protocol, 10 percent) and HTTP (six percent). F5 notes that it has no evidence indicating that any of the attacks succeeded.
"It's not often in cyber-security that we get to work with absolutes, but we've said it before: these kinds of brute force attacks are 100 percent avoidable," said Craig Riddell, senior solutions architect at SSH Communications Security. "Ephemeral access [allowing users limited, temporary access to a device or resource] is a real thing today, but we understand that not all businesses can be on the cutting edge at all times. Why not add in two-factor or multi-factor authentication or a hardened SSH key pair, for example...?"
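The pattern F5 describes, a burst of password failures against default account names on port 22, is easy to pick out of an SSH server's own logs. The script below is an added example and is not from the F5 blog post, the article, or SSH Communications Security; the log lines are constructed to mimic OpenSSH's syslog output (using documentation IP ranges), and the threshold and window are assumptions. It counts failed logins per source within a sliding window, records which usernames were tried, and flags the case that matters most: a successful login from a source that had just been brute forcing.

```python
"""Spot SSH brute-force bursts in sshd log lines (added example, not the page's code)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OpenSSH auth.log lines; not real data from the F5 report.
SAMPLE_LOG = """\
Jul 14 02:15:01 cam01 sshd[812]: Failed password for root from 198.51.100.23 port 51022 ssh2
Jul 14 02:15:02 cam01 sshd[812]: Failed password for admin from 198.51.100.23 port 51023 ssh2
Jul 14 02:15:02 cam01 sshd[812]: Failed password for invalid user pi from 198.51.100.23 port 51024 ssh2
Jul 14 02:15:03 cam01 sshd[812]: Failed password for invalid user support from 198.51.100.23 port 51025 ssh2
Jul 14 02:15:04 cam01 sshd[812]: Failed password for admin from 198.51.100.23 port 51026 ssh2
Jul 14 02:15:05 cam01 sshd[812]: Accepted password for admin from 198.51.100.23 port 51027 ssh2
Jul 14 02:20:11 cam01 sshd[815]: Failed password for alice from 203.0.113.9 port 40011 ssh2
Jul 14 02:20:40 cam01 sshd[816]: Accepted publickey for alice from 203.0.113.9 port 40012 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user pi from ..." as OpenSSH writes them.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(lines):
    """Yield (timestamp, result, method, user, ip) for each recognised sshd line."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; strptime defaults to 1900, which is
        # fine for measuring gaps within a single log.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append((ts, m["result"], m["method"], m["user"], m["ip"]))
    return events


def detect(lines, max_failures=4, window_seconds=60):
    """Return {ip: finding} for sources that produced >= max_failures failed
    logins inside window_seconds. Thresholds are assumed values for the example.
    A later 'Accepted' from a flagged source is recorded as a likely compromise."""
    failures = defaultdict(list)   # ip -> timestamps of failed logins
    users = defaultdict(set)       # ip -> usernames attempted
    findings = {}
    for ts, result, method, user, ip in sorted(parse(lines)):
        if result == "Failed":
            failures[ip].append(ts)
            users[ip].add(user)
            recent = [t for t in failures[ip]
                      if (ts - t).total_seconds() <= window_seconds]
            if len(recent) >= max_failures:
                f = findings.setdefault(ip, {"failures": 0, "compromised": None})
                f["failures"] = max(f["failures"], len(recent))
        elif result == "Accepted" and ip in findings:
            # Success right after a burst of guesses is the event worth paging on.
            findings[ip]["compromised"] = (user, method)
    for ip, f in findings.items():
        f["users"] = sorted(users[ip])   # default-looking names (root, admin, pi) stand out here
    return findings


if __name__ == "__main__":
    for ip, f in detect(SAMPLE_LOG).items():
        print(f"{ip}: {f['failures']} failures, users tried {f['users']}, "
              f"compromised={f['compromised']}")
```

The single failure from 203.0.113.9 followed by a public-key login is the normal case and produces nothing; the source that cycled through root, admin, pi and support and then got in with a password is the one reported. Turning off password authentication in sshd_config, as Riddell suggests, removes that last transition entirely.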