Global Spike in SSH/Telnet Scans Signals Upcoming Credential‑Stuffing Campaigns

The SANS Internet Storm Center’s Stormcast podcast reported a sharp increase in scans targeting SSH (port 22) and Telnet (port 23) across several continents over the past week. Automated tools are probing these services to enumerate reachable hosts, collect banner data, and identify weak authentication configurations.

This activity is a precursor to large‑scale credential‑stuffing and brute‑force attacks. Organizations with exposed remote‑access services should verify that strong, multi‑factor authentication is enforced, limit login attempts, and ensure all default credentials are disabled. Early detection and remediation can prevent attackers from turning these scans into successful compromise attempts.

Categories: Threat Intelligence, Identity & Access Management

Source: Read original article