Cyber-Attacks on Finland Intensified Before the Trump-Putin Summit
Prior to the Trump-Putin summit that took place on July 16 in Helsinki, Finland, cyber-attacks on the host country saw an uncharacteristic spike of activity.
Experts believe this rise of cyber-attacks targeting Finland is directly tied to the high-level political meeting that took place in the country.
Finland is not usually a target
According to F5 Networks, the cyber-security firm who noticed the increased activity targeting Finland, the spike in attacks started circa July 12, four days before the meeting.
"Finland is not typically a top attacked country," F5 said, "it receives a small number of attacks on a regular basis. [...] Starting on July 12, 2018, attacks towards Finland spiked, the majority of which were brute force attac ks against SSH port 22."
Port 22 is frequently used to take over routers and IoT devices. These devices are often targeted because they have weaker security and often use simple-to-guess or default credentials.
Nation-state hackers are known to target routers and IoT devices and use them as pivot points inside larger networks to relay other attacks and compromise other equipment.
Besides scans for port 22, F5 says it also saw spikes in scans for other ports that have been used to take over smart devices, routers, and spread malware, such as ports 23 (Telnet), 445 (SMB), 5060 (SIP), MySQL (3306), SQL (1433), and others.
Most attacks originated from China
F5 experts say that the vast majority of these scans originated from China. While China is often the main source of cyber-attacks in many cases due to the lar ge number of data centers residing in the country, F5 experts also point out that this is not always true.
For example, they say that during the Trump-Kim summit that took place in Singapore last month, Russia was the main source of similar scans against Singapore's IT infrastructure, and not China.
Experts suggest that some of these scans might have been carried out by politically motivated attackers, and China might have had more interest in gaining a foothold into Finnish networks this time around, rather than Russia, who was participating in the summit.
F5 Networks says that these spikes in cyber-attacks before political summits are becoming a mundane occurrence nowadays. The sad part is that routers and IoT devices are so insecure by design that in many cases hackers will get the initial foothold they're looking for.
King Ouroboros Ransomware Dev Vents to Researchers on Twitter
USB Fans Handed Out at Trump- Kim Summit Deemed Harmless
Chrome Extension Hijacks Search Results While Filtering Trump from the WebSource: Google News Finland | Netizen 24 Finland