Arnt|1 year ago
Most of them are said to be quick about exploiting Gmail or other systems they know, but slow with unknown software (hours rather than seconds).
If your system is on-premises, you may reasonably assume that the attacker will need to read the man page, like a new employee, see? But these guys didn't need to read the man page.
dangus|1 year ago
You're right, it's not clever at all, the attacker just happened to find a completely zero authentication internal service. They might have even done so via an automated tool like some kind of script kiddie network scanning program.
This is the kind of dumb stuff we were doing 30 years ago: making the assumption that being physically on the network implies authentication.
There's zero excuse to have a no-auth SMTP server, or anything else for that matter.
rurban|1 year ago
For the typical hacker or foreign service this went as expected. Just that they detected it very soon, so not much harm done. Only VPN