Surge in SSH/Telnet Scans Signals Aggressive IoT Recon

The ISC Stormcast podcast for March 23 2026 flagged a sharp rise in automated scans against SSH and Telnet ports. Threat actors are probing for exposed IoT, industrial control, and legacy systems that still rely on these insecure services, aiming to locate weak credentials or outdated firmware.

Defenders should treat the spike as an early warning of increased reconnaissance. Unchecked scans often precede credential‑stuffing attacks or ransomware deployment, especially on devices that lack regular patching. Immediate steps include tightening access controls, enforcing key‑based SSH authentication, disabling unused Telnet services, and monitoring for abnormal connection attempts to reduce the attack surface.

Categories: Threat Intelligence, Identity & Access Management, SOC & Automation

Source: Read original article