Hackers exploit aging Telnet protocol

A recently published report warns that an increasing number of hackers are exploiting Telnet as a method of gaining access to corporate servers.

The report – authored by Akamai Technologies – indicates that ten percent of attacks originating from mobile networks are directed at “Port 23,” which is typically used by the Telnet protocol.

Telnet, an older service, has steadily been replaced by the more secure, SSH (Secure Shell) protocol for remote access. However, administrators who have forgotten to disable Telnet may still be a tempting digital target.

“We believe that the observed attack traffic that is originating from known mobile networks is likely being generated by infected PC-type clients connecting to wireless networks through mobile broadband technologies and not by infected smartphones or similar mobile devices,” the report explained.

Overall, 17 percent of hacks were directed at Telnet, with Port 23 cited as “the top targeted port for attacks.” The majority of Telnet attacks were also found to have originated in Egypt, Peru and Turkey.

“[Yet], it is not clear if there is a common thread that connects these three countries, nor whether these observed attacks were brute-force login attempts or some other botnet-related traffic.”

In more optimistic news, attacks against Port 445 – commonly used by Microsoft software – is reportedly on the decline, after spiking last year with the help of the infamous Conficker worm.

“While the percentages are still fairly significant, this decline may signal ongoing efforts by network service providers to identify and isolate infected systems, as well as ongoing efforts to patch and/or upgrade infected systems,” the report concluded.

(VIa Network World