Surge in Legacy Brute‑Force and New Port‑Scan Tactics Spotted Globally

The March 12, 2026 ISC Stormcast report shows a sharp rise in brute‑force attempts targeting legacy services such as SMB 1.0, Telnet, and older SSH implementations. Attackers are leveraging credential‑stuffing botnets to flood these outdated endpoints, causing repeated login failures and increasing the risk of successful compromise on systems that have not been patched or decommissioned.

Concurrently, a novel port‑scan pattern has emerged, focusing on non‑standard high‑range ports (e.g., 50000‑51000) and employing slower, distributed probes to evade typical detection thresholds. This behavior suggests reconnaissance for obscure services or misconfigured cloud workloads. Defenders should prioritize tightening access controls on legacy protocols, enforce MFA where possible, and update IDS/IPS signatures to catch the low‑and‑slow scanning methodology before attackers move to exploitation.

Categories: Threat Intelligence

Source: Read original article