Yesterday NetSensor identified a large hacker movement looking for port 25565/TCP, used by Minecraft servers, Java edition.
The movement was seen in all 11 points of presence of the intelligence network that make up HackNet, which are spread across 10 countries.
In total there were 2,379 searches for the service, coming from 44 attackers, which originated from 10 different countries.
This movement made Minecraft jump to the 2nd position in the ranking of the most wanted services by hackers yesterday.
Source: https://www.hacknet.com.br
The United States was the country with the most attackers looking for the service, however, a single attacker from Switzerland, using a Cloud provider called Calypso Host, was responsible for 97% of all queries identified on the network.
Countries by number of attackers:
27 United States
4 Singapore
3 France
3 China
2 Russia
1 Switzerland ***
1 Portugal
1 Netherlands
1 Japan
1 Bulgaria
Ranking of the companies involved:
14 DigitalOcean, LLC
4 CloudRadium L.L.C.
1 ZENLA-1
1 pfcloud
1 INAP - AS211680
1 Calypso IT Services GmbH
1 CTG Server Ltd.
1 CHINANET Sichuan province network
1 Bytefend Networks LLC
Will we see a new CVE involving Minecraft?
Is it just a search for vulnerabilities that are already known and not fixed by those responsible for the server, like the recent case of VMware?
The fact is, if you have Minecraft server(s) out of the hundreds of thousands existing on the internet today, you should pay attention!
Read too:
Kommentare