Cyberattacks in Finland Surge During Trump-Putin Summit

  /     /     /  
Publicated : 22/11/2024   Category : security


Cyberattacks in Finland Surge During Trump-Putin Summit


Attackers targeted IoT devices like they did during Trumps June meeting with North Koreas Kim Jong-un, but this time China was the top-attacking nation.



President Donald Trumps recent meeting with Russian counterpart Vladmir Putin in Helsinki proved to be as much a magnet for cyberattackers as his Singapore meeting with Korean leader Kim Jong-un in June.
As with the previous attacks, the ones in Finland appear to be mostly attempts to break into weakly protected Internet of things (IoT) devices to be used to spy on targets of interest in Finland. The main difference was that instead of the attacks mostly emanating from Russia, this time a majority of attacks came from networks in China.
F5 Networks, which was the first to report on the
Singapore attacks
in June, this week reported a similar big spike in malicious traffic directed at targets in Finland in the days leading to the Trump-Putin summit.
As in Singapore, the Finland attacks targeted ports and protocols used by IoT devices, such as SIP port 5060, which is associated with VoIP phones and videoconferencing systems, and SQL port 1433 and Telnet port 23, for remote administration of IoT devices. Nation-states, spies, mercenaries, and others dont need to dress up as repairmen to plant bugs in rooms anymore, F5 Networks said in its
report
. They can just hack into a room that has vulnerable IoT devices.
Researchers at F5 Networks also noted some differences among the attacks. SIP port 5060, for instance, was the top targeted port in the Singapore attacks, while in Finland it was SSH port 22 — typically used for secure remote administration — followed by SMB port 445. Other ports and protocols targeted this time around that were not targeted in June included HTTP port 80, MySQL port 3306, port 8090 (often used for Web cameras), and RDP port 3389.
The ports being attacked are popular ports overall, says Sara Boddy, threat researcher at F5 Networks. We expect to see attacks against 3306 and other popular database ports and data services like TCP/9200. This is due to data being made public that should have remained private, she says. What is interesting is the different targeting by different threat actors. Perhaps attackers coming out of Russia prefer SIP attacks — as we saw in Singapore — versus SSH attacks out of China, like we saw in Finland.
China was not the only country where attack traffic spiked during the Trump-Putin meeting in Helsinki. Italy and Germany also had noticeable spikes. In typical weeks, Italy and Germany rank 13th and 14th in the list of top-attacking countries in Finland. In the days preceding the meeting, the volume of attack traffic put them in the fourth and seventh spots, respectively, F5 Networks said. Attack traffic from the US dropped slightly from usual but was still enough to keep the country in second spot, behind China. Meanwhile, Russia-based threat actors hit the brakes somewhat in that period, dropping the country from its usual third most-attacking country status to fifth.
Given the timing and targeting, it is safe to assume that a combination of state-sponsored actors and other malicious threat actors are behind the attacks, Boddy says. Everyone has a stake in the game — from adversaries wanting to spy, to friendlies that also want to know whats going on, to hacktivists who want a lead on a story, she said. 
Distant as such attacks might seem, businesses need to pay attention. The attacks highlight the importance for enterprises to secure all Internet-connected infrastructure from rack servers in a data center to security cameras, wireless access points, phone and videoconferencing systems, entertainment systems, HVAC systems, and vending machines, Boddy notes.
At a minimum, security means protecting remote administration to your devices or restricting them to a specified management network, always changing default vendor passwords, and staying properly patched, she says.
Related Content:
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Destructive Nation-State Cyberattacks Will Rise
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
 
 
 
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
 and
to register.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Cyberattacks in Finland Surge During Trump-Putin Summit