Hello, welcome to the Wednesday, June 1st, 2016 edition of the Sandton and Storm Center's

Stormcast. My name is Johannes Ulrich, and the I am recording from Jacksonville, Florida.

Over the weekend, we saw a pretty significant uptick in Telnet scans. Now,

Telnet, of course, is heavily attacked no matter what day it is,

but the number of sources that were scanning for Telnet servers about doubled this weekend

and the attacks appear to be continuing into today. So it not over yet problem is we don't really

know what's exactly responsible for this uptick there is of course so much

going on on telnet every day so it's a little bit hard to really identify one

particular exploit or one particular bot that increased the scan rate by this amount.

It's not just us seeing it. There are a couple other people that reported to us that they're seeing

similar increases in inbound Telnet traffic. Overall, of course, you should not expose telnet. The most likely

target, according to the exploits, we are seeing our embedded devices that expose telnet, and then

an attacker would get shell access and then use busy box on the device to download additional malware.

So my best guess at this point is some stupid old vulnerability in some kind of router IP

camera or anything like that that exposes Telnet. Make sure that you are not exposing telnet from any device like that,

block it at your firewall and then make sure that the firewall itself can't be reached via

telnet. And dual security looked at some of the update software that is commonly shipped

with many laptops. Typically, this software is used to keep

system drivers and the like up to date, but also to update loadware that's often

pre-installed on systems when you purchase it from these OEMs. Well, in part, in order to update things like system drivers,

this software does run as a system.

So if there is a vulnerability, an attacker does get full access to the system.

...