
SSH/Telnet Scan Spike Reveals New Port Probes — Defenders Must Act

The ISC Stormcast for March 25, 2026 recorded a sharp rise in automated scans against SSH (port 22) and Telnet (port 23), while traffic on several historically idle ports also began to appear. The activity is being driven by opportunistic actors hunting for devices with default credentials or exposed services, using widely available scanning tools to map vulnerable infrastructure.

Defenders should treat this surge as an early warning sign. Unsecured or misconfigured devices can be compromised quickly, providing footholds for deeper intrusion or botnet recruitment. Immediate actions include tightening SSH/Telnet access controls, disabling unused services, enforcing strong authentication, and expanding monitoring to cover the newly active ports. Proactive remediation now can prevent a wave of successful compromises later.
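One way to extend monitoring to both the SSH/Telnet surge and the newly active ports is to compare inbound firewall logs against a baseline window of equal length. The sketch below is an added example, not taken from the ISC material; the iptables LOG-style line format, the thresholds, the addresses and the port numbers 50001/50002 are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Assumed log format: iptables LOG-style key=value fields.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>TCP|UDP) .*?DPT=(?P<dpt>\d+)")
WATCHED = {22, 23}  # SSH and Telnet, the ports named in the article

def summarize(lines):
    """Return (hits per port, distinct source IPs per port) for inbound log lines."""
    hits, sources = Counter(), defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not packet logs
        port = int(m["dpt"])
        hits[port] += 1
        sources[port].add(m["src"])
    return hits, sources

def compare(baseline_lines, current_lines, spike_factor=3.0, min_sources=2):
    """Flag watched ports whose volume spiked and ports that were idle in the baseline."""
    base_hits, _ = summarize(baseline_lines)
    cur_hits, cur_src = summarize(current_lines)
    spikes = {p: (base_hits[p], cur_hits[p]) for p in WATCHED
              if cur_hits[p] >= spike_factor * max(base_hits[p], 1)}
    # Require several distinct sources so one misdirected client is not reported as a probe wave.
    new_ports = sorted(p for p in cur_hits
                       if base_hits[p] == 0 and len(cur_src[p]) >= min_sources)
    return spikes, new_ports

def make_line(src, dpt):
    # Constructed log line; all addresses are from documentation ranges.
    return f"kernel: IN=eth0 SRC={src} DST=203.0.113.10 PROTO=TCP SPT=40000 DPT={dpt}"

# Constructed data: a quiet baseline window and a current window of the same length.
BASELINE = [make_line("198.51.100.1", 22)] * 4 + [make_line("198.51.100.2", 23)] * 2 \
         + [make_line("198.51.100.3", 443)] * 5
CURRENT = [make_line(f"192.0.2.{i}", 22) for i in range(20)] \
        + [make_line(f"192.0.2.{i}", 23) for i in range(9)] \
        + [make_line(f"192.0.2.{i}", 50001) for i in range(3)] \
        + [make_line("192.0.2.50", 50002)] + [make_line("198.51.100.3", 443)] * 5

if __name__ == "__main__":
    spikes, new_ports = compare(BASELINE, CURRENT)
    for port, (before, now) in sorted(spikes.items()):
        print(f"spike on port {port}: {before} -> {now} hits")
    print("newly active ports:", new_ports)
```

Port 50002 is not reported because only one source touched it; lowering `min_sources` trades fewer misses for more noise.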

Categories: Threat Intelligence, SOC & Automation
