Cybersecurity researchers from F5 Networks just released a report uncovering a spike in cyber-attack traffic targeting the meetings between President Trump and President Putin this week in Helsinki, Finland.
Finland, which is rarely a target of major cyber-attacks, saw a majority of attacks originating from China that tried to access vulnerable IoT devices that could be turned on remotely to spy on sensitive conversations.
About the attack:
- This attack follows a growing trend of hackers following President Trump’s high-profile meetings with other world leaders. Most recently, Singapore saw a major spike in malicious traffic around last month’s S./North Korea summit.
- This attack was a method known as a “brute force attack” against SSH port 22, in which hackers attempt to rapidly try username/password combinations to access vulnerable systems.
- In this case, hackers attacked a protocol used for IoT devices that could be turned on to listen in on private meetings, and as many of these devices still use factory settings (which often include usernames that are the name of the manufacturer or software provider), this can be an effective way to gain control over poorly secured access points.
To mitigate these types of attacks, all businesses should be securing all of their Internet connected infrastructure, including:
- Protecting remote administration to any device on the network with a firewall, VPN, or restrict it to a specified management network. Never allow open communication to the entire Internet.
- For home IoT, leverage network address translation (NAT) if you can’t install a home firewall (note that home firewalls have also been targeted by thingbots).
- Always change vendor default administration credentials.
- Stay up to date with any security patches released by the manufacturer.
- Change the name and password on all routers and connected devices…especially if President Trump is in town!