Trump / Putin Summit Was A Magnet For Hackers

Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation. President Donald Trump's recent meeting with Russian counterpart Vladmir Putin in Helsinki proved to be as much a magnet for cyber-attackers as his Singapore meeting with Korean leader Kim Jong-un in June.

As with the previous attacks, the ones in Finland appear to be mostly attempts to break into weakly protected Internet of things (IoT) devices to be used to spy on targets of interest in Finland. 

The main difference was that instead of the attacks mostly emanating from Russia, this time a majority of attacks came from networks in China.

F5 Networks, which was the first to report on the Singapore attacks in June, this week reported a similar big spike in malicious traffic directed at targets in Finland in the days leading to the Trump-Putin summit.

As in Singapore, the Finland attacks targeted ports and protocols used by IoT devices, such as SIP port 5060, which is associated with VoIP phones and videoconferencing systems, and SQL port 1433 and Telnet port 23, for remote administration of IoT devices. 

"Nation-states, spies, mercenaries, and others don't need to dress up as repairmen to plant bugs in rooms anymore," F5 Networks said in its report. "They can just hack into a room that has vulnerable IoT devices."

Researchers at F5 Networks also noted some differences among the attacks. SIP port 5060, for instance, was the top targeted port in the Singapore attacks, while in Finland it was SSH port 22, typically used for secure remote administration, followed by SMB port 445. 

"The ports being attacked are popular ports overall," says Sara Boddy, threat researcher at F5 Networks. "We expect to see attacks against 3306 and other popular database ports and data services like TCP/9200. 

“This is due to data being made public that should have remained private," she says. What is interesting is the different targeting by different threat actors. "Perhaps attackers coming out of Russia prefer SIP attacks, as we saw in Singapore, versus SSH attacks out of China, like we saw in Finland."

China was not the only country where attack traffic spiked during the Trump / Putin meeting in Helsinki. Italy and Germany also had noticeable spikes. 

In typical weeks, Italy and Germany rank 13th and 14th in the list of top-attacking countries in Finland. In the days preceding the meeting, the volume of attack traffic put them in the fourth and seventh spots, respectively, F5 Networks said. 
Attack traffic from the US dropped slightly from usual but was still enough to keep the country in second spot, behind China. Meanwhile, Russia-based threat actors hit the brakes somewhat in that period, dropping the country from its usual third most-attacking country status to fifth.

Given the timing and targeting, it is safe to assume that a combination of state-sponsored actors and other malicious threat actors are behind the attacks, Boddy says. "Everyone has a stake in the game, from adversaries wanting to spy, to friendlies that also want to know what's going on, to hacktivists who want a lead on a story," she said. 

Distant as such attacks might seem, businesses need to pay attention. The attacks highlight the importance for enterprises to secure all Internet-connected infrastructure from rack servers in a data center to security cameras, wireless access points, phone and video-conferencing systems, entertainment systems, HVAC systems, and vending machines, Boddy notes.

At a minimum, security means protecting remote administration to your devices or restricting them to a specified management network, always changing default vendor passwords, and staying properly patched, she says.

Dark Reading

You Might Also Read: 

Spies Hack Journalism:

Singapore: The Place To Launch Cyber Attacks From:

Trump Tells US Cyber Command To Get More Aggressive:      

 

« What A ‘Cyber 9/11’ Would Look Like
MoneyTaker Take Money From A Russian Bank »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

International Security Management Association (ISMA)

International Security Management Association (ISMA)

ISMA is an international security association of senior security executives from major business organizations located worldwide.

HireVergence

HireVergence

HireVergence is a full service IT staffing and recruiting firm with a focus on cyber and information security.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

SecuLution

SecuLution

SecuLution is an Antivirus product using Application Whitelisting which offers much more protection than Virus Scanners ever can.

Communications Authority of Kenya

Communications Authority of Kenya

The Authority is responsible for facilitating the development of the information and communications sectors including; broadcasting, telecommunications, electronic commerce and cybersecurity.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

GLESEC

GLESEC

GLESEC offer a complete range of Cyber Security services from Operations & Intelligence Services to Auditing & Compliance and Simulation and Training.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

drie

drie

drie is an end-to-end cloud services company based in Bahrain, Dubai and London. We enable businesses to adopt, scale on and build for cloud.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

Acreto

Acreto

Acreto is an end-to-end security infrastructure that protects all your technologies with a single, simple cloud service.

Dazz

Dazz

Dazz is the cloud security remediation platform for smart security and development teams.

1Touch.io

1Touch.io

1touch.io Inventa is an AI-based, sustainable data discovery and classification platform that provides automated, near real-time discovery, mapping, and cataloging of all sensitive data.