Surge in SSH/Telnet Scans and IoT Botnet Growth Signals New Attack Wave
The latest ISC Stormcast briefing reports a sharp uptick in automated scans targeting weak SSH and Telnet endpoints across enterprise networks, alongside a notable expansion of IoT‑based botnets that are leveraging insecure devices for command‑and‑control and DDoS campaigns. Threat actors are exploiting default credentials and unpatched firmware to amass large pools of compromised hosts, increasing the likelihood of credential‑stuffing attacks and lateral movement into critical assets.
Defenders must act now to contain the risk. Implement strict network segmentation that isolates legacy protocol access from core systems, enforce multi‑factor authentication and key‑based SSH, and deploy continuous monitoring for anomalous scan traffic and IoT device behavior. Early detection of scanning bursts and botnet beaconing can halt the recruitment phase, reducing exposure to ransomware, data exfiltration, and large‑scale service disruption.
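One way to detect the scanning bursts described above, as an added example that is not part of the briefing: a sliding-window check over OpenSSH "Failed password" log lines that flags a source trying many distinct usernames in a short time. The log lines, the function name `find_scan_bursts`, the thresholds and the `year` parameter are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth-log sample (not from the briefing); IPs are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar 10 04:12:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 10 04:12:03 gw sshd[812]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 10 04:12:04 gw sshd[813]: Failed password for invalid user ubnt from 203.0.113.7 port 40131 ssh2
Mar 10 04:12:06 gw sshd[814]: Failed password for invalid user pi from 203.0.113.7 port 40140 ssh2
Mar 10 04:12:09 gw sshd[815]: Failed password for invalid user support from 203.0.113.7 port 40152 ssh2
Mar 10 08:30:11 gw sshd[900]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar 10 08:30:19 gw sshd[900]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar 10 08:30:27 gw sshd[900]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Mar 10 09:00:00 gw sshd[950]: Failed password for root from 192.0.2.44 port 33000 ssh2
Mar 10 11:00:00 gw sshd[951]: Failed password for invalid user admin from 192.0.2.44 port 33010 ssh2
Mar 10 13:00:00 gw sshd[952]: Failed password for invalid user guest from 192.0.2.44 port 33020 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def find_scan_bursts(log_text, window_s=60, min_failures=5, min_users=3, year=2024):
    """Return {src_ip: peak_failures} for sources whose failed logins reach
    min_failures across min_users distinct usernames inside window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # src_ip -> deque of (timestamp, username)
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp, user, src = m.groups()
        # syslog lines carry no year; `year` is an assumed parameter
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:      # expire events outside the window
            q.popleft()
        if len(q) >= min_failures and len({u for _, u in q}) >= min_users:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, count in find_scan_bursts(SAMPLE_LOG).items():
        print(f"scan burst: {ip} ({count} failures in window)")
```

With the default 60-second window, the source that spaces its attempts two hours apart is not flagged, so a second pass with a longer window and lower thresholds is needed to catch slow scanners.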
Categories: Threat Intelligence