New SSH/Telnet Scans, OpenSSL Exploit, and Ransomware‑Driven DDoS Spike Alert

The SANS Internet Storm Center observed a sharp rise in automated scans targeting SSH and Telnet services, primarily originating from IP ranges in East Asia. At the same time, a previously unknown exploit against legacy OpenSSL libraries began circulating, capable of triggering remote code execution on vulnerable servers still running outdated versions. These activities were flagged in the Stormcast released on April 2nd.

Concurrently, a noticeable increase in DDoS amplification attempts was linked to ongoing ransomware campaigns, leveraging misconfigured UDP services to overwhelm targets. Defenders should prioritize patching OpenSSL, hardening SSH/Telnet access (e.g., key‑based authentication, rate limiting), and monitoring for abnormal traffic patterns that may indicate amplification attacks, as the combined threat vector can lead to rapid service disruption and data compromise.
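One way to check the SSH hardening advice above, as an added example rather than anything from the Stormcast or the original article: a small audit of the global section of an `sshd_config` for key-based authentication and per-connection attempt limits. The sample configuration is constructed, the `MAX_AUTH_TRIES` threshold is an assumed local policy, and `Include` files are not followed.

```python
# Added example: audit the global part of an sshd_config for key-only
# logins and a low MaxAuthTries. sshd uses the FIRST value it reads for a
# keyword, so a later "fix" further down the file has no effect.
DEFAULTS = {  # OpenSSH defaults used when a keyword is absent
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "maxauthtries": "6",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
MAX_AUTH_TRIES = 3  # assumed policy threshold, not taken from the alert

def effective_settings(config_text):
    settings, seen = dict(DEFAULTS), set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":      # conditional blocks follow; global part ends
            break
        if len(parts) == 2 and key in DEFAULTS and key not in seen:
            seen.add(key)       # first occurrence wins
            settings[key] = parts[1].strip().lower()
    return settings

def audit(config_text):
    s, findings = effective_settings(config_text), []
    if s["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled")
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if s[key] != "no":
            findings.append(f"{key} is '{s[key]}': password logins possible")
    if int(s["maxauthtries"]) > MAX_AUTH_TRIES:
        findings.append(f"maxauthtries is {s['maxauthtries']}, above {MAX_AUTH_TRIES}")
    return findings

# Constructed sample: the second PasswordAuthentication line is ignored.
SAMPLE = """\
Port 22
PasswordAuthentication yes
MaxAuthTries 10
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\nMaxAuthTries 3\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Settings inside `Match` blocks are not evaluated here, so per-user or per-address overrides still need a separate review (for example with `sshd -T -C ...` on the host itself).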

Categories: Vulnerabilities & Exploits, Threat Intelligence