Spike in SSH/Telnet Scans Signals Botnet Recon Across Global Assets
The ISC podcast released on March 9, 2026 reported a sharp increase in automated SSH and Telnet probing. Botnet operators are flooding the internet with credential‑guessing attempts, targeting any host that still exposes these legacy services. Early telemetry shows a 250% jump in scan volume compared with the previous week, with attempts originating from dozens of geographically dispersed command‑and‑control nodes.
The surge raises the likelihood of successful brute‑force compromises, especially on systems that rely on default passwords or weak authentication. Compromised devices can be co‑opted into further attacks, expanding the botnet’s reach and amplifying downstream threats such as ransomware delivery or data exfiltration. Defenders should prioritize disabling unnecessary Telnet/SSH endpoints, enforcing strong, key‑based authentication, implementing rate‑limiting and honeypot monitoring, and ensuring timely patching to reduce the attack surface before the botnet harvests more credentials.
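An added example (not from the ISC podcast or the original article) of the monitoring recommended above: because the probing comes from many dispersed sources, it counts failed SSH logins per source address and also per targeted account across sources, which a per-address rate limit alone does not surface. The log lines, thresholds and function names are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in OpenSSH sshd syslog format (not real telemetry);
# addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  9 10:00:01 host sshd[101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar  9 10:00:02 host sshd[102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar  9 10:00:03 host sshd[103]: Failed password for root from 192.0.2.10 port 40003 ssh2
Mar  9 10:00:04 host sshd[104]: Failed password for invalid user pi from 192.0.2.10 port 40004 ssh2
Mar  9 10:05:00 host sshd[105]: Failed password for root from 198.51.100.1 port 51000 ssh2
Mar  9 10:17:00 host sshd[106]: Failed password for root from 198.51.100.2 port 51001 ssh2
Mar  9 10:31:00 host sshd[107]: Failed password for root from 198.51.100.3 port 51002 ssh2
Mar  9 10:44:00 host sshd[108]: Failed password for root from 203.0.113.5 port 51003 ssh2
Mar  9 10:50:00 host sshd[109]: Accepted publickey for deploy from 203.0.113.9 port 52000 ssh2
"""

# Matches both "for root" and "for invalid user admin" variants.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse_failures(text):
    """Return (username, source_ip) for every failed password attempt."""
    return [m.groups() for m in map(FAILED.search, text.splitlines()) if m]

def noisy_sources(failures, threshold=3):
    """Addresses a per-IP limit would catch: >= threshold failures from one source."""
    counts = Counter(ip for _, ip in failures)
    return {ip for ip, n in counts.items() if n >= threshold}

def distributed_targets(failures, min_sources=4):
    """Accounts guessed from many addresses, each staying under the per-IP limit."""
    sources = defaultdict(set)
    for user, ip in failures:
        sources[user].add(ip)
    return {u: len(ips) for u, ips in sources.items() if len(ips) >= min_sources}

if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print("per-IP alerts:", sorted(noisy_sources(failures)))
    print("accounts guessed from many sources:", distributed_targets(failures))
```

In the constructed sample, four of the five addresses guessing `root` make a single attempt each, so only the per-account view reports them.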
Categories: Threat Intelligence, Identity & Access Management