Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Trump-Putin Meeting Puts Finland on Cyber-Attack Target List

Historically, Finland has not been targeted by a high number of cyber-attacks, but digital assaults spiked in the days prior to the July 16 meeting between U.S. President Donald Trump and Russian President Vladimir Putin in Helsinki.

Historically, Finland has not been targeted by a high number of cyber-attacks, but digital assaults spiked in the days prior to the July 16 meeting between U.S. President Donald Trump and Russian President Vladimir Putin in Helsinki.

The massive rise in cyber-attacks isn’t surprising, given the precedent established earlier this year, when Singapore received a massive wave of attacks from June 11 to June 12, during the Trump-Kim summit.

While most of the cyber-attacks observed during President Trump’s meeting with the North Korean leader appeared to originate from Russia, those observed last week were mainly launched from China, F5 reports.

The Finland and Singapore cyber-attacks showed some similarities in targeted ports, which included SIP port 5060, which is typically used by VoIP phones (#3 in Finland attacks, #1 in Singapore attacks), SQL port 1433 (#6 in Finland, #3 in Singapore), and Telnet port 23 (#3 in Finland, #9 in Singapore).

The most attacked port in the new wave of assaults, however, was SSH port 22, followed by SMB port 445. SSH is often used for the secure remote administration of Internet of Things (IoT) devices, but vendors often secure devices with easily guessable credentials, which turns these products into easy targetes for cybercriminals.

“The device credentials are typically vendor defaults and, as such, are routinely brute forced. The majority of the attacks against Finland surrounding the Trump-Putin meeting were brute force attacks,” F5 notes.

The Finland assaults also targeted ports that weren’t seen in the Singapore attacks, including HTTP port 80, MySQL port 3306, the alternate web server port 8090, often used for web cameras, and RDP port 3389.

Despite the massive spike in cyber-attacks targeting Finland between July 12 and July 15, the country remained far behind top targeted countries. Compared to Canada, which typically makes it to top 10 but not top 5, Finland received on a small fraction of cyber-attacks on July 12 and July 14 and “doesn’t even register on the chart,” F5 says.

The top targeting countries during the spike were China (29%), United States (14%) and France (9%), followed by Italy (8%) and Russia (7%). Many of the attacks originated from networks usually seen launching such attacks, the security researchers say.

ChinaNet, consistent
ly at the top of the threat actor network list globally, remained the top attacking network during the attack spike.

Such attacks, F5 notes, are possible because of the rise of poorly secured IoT devices. By targeting vulnerable devices, nation-states, spies, mercenaries, and others can easily launch attacks against anyone.

“If threat actors can follow anyone from an average citizen to a CIA agent, why not President Trump, or any member of his official entourage? They are perhaps the highest valued intelligence targets on the planet right now. Even allied state actors have an interest in gaining eyes or ears into any member of the Trump entourage,” F5 notes.

Related: Trump-Kim Summit Attracts Wave of Cyber-Attacks on Singapore

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cyberwarfare

The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Cyberwarfare

Cybersecurity firm Group-IB is raising the alarm on a newly identified advanced persistent threat (APT) actor targeting government and military organizations in Asia and...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...