What happened
A new analysis shows that many networks in the Asia-Pacific region have lagged in throttling or blocking insecure Telnet protocol traffic, even after a recent critical vulnerability and global efforts reduced Telnet scanning activity.
Who is affected
Organizations and network operators across the Asia-Pacific region, particularly those with legacy systems, IoT devices, and consumer-grade routers exposing Telnet services, remain exposed to scanning and exploitation risks.
Why CISOs should care
Telnet is an outdated, insecure protocol that transmits data in clear text, making exposed Telnet endpoints an easy target for automated scanners and attackers. Despite a significant global drop in Telnet traffic driven by backbone provider filtering, many operators in the region did not effectively throttle risky Telnet sessions, leaving hundreds of thousands of exposed devices accessible and at risk of compromise. This widens the attack surface for credential stuffing, brute-force attempts, and exploitation of known vulnerabilities.
3 practical actions
- Inventory and eliminate Telnet services: Identify all devices exposing Telnet (port 23) and replace or reconfigure them to use secure alternatives (e.g., SSH).
- Implement network filtering: Enforce ingress and egress filtering at the edge and backbone levels to block or throttle unsolicited Telnet traffic.
- Patch known vulnerabilities: Prioritize remediation of Telnet-related CVEs and ensure legacy systems are updated or isolated, reducing exposure to automated scans and exploits.
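An added example, not part of the original analysis: one way to support the first two actions is to audit firewall or flow logs for TCP/23 sessions that were accepted rather than dropped. The CSV layout, the internal address ranges (documentation prefixes) and the function names are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: the organisation's own address space (documentation prefixes used here).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
TELNET_PORT = 23

# Constructed sample flow records (hypothetical CSV layout, not a real vendor format).
SAMPLE_FLOWS = """src,dst,proto,dport,action
203.0.113.7,192.0.2.10,tcp,23,ACCEPT
203.0.113.9,192.0.2.10,tcp,23,ACCEPT
203.0.113.7,192.0.2.11,tcp,23,DROP
192.0.2.44,203.0.113.80,tcp,23,ACCEPT
192.0.2.44,203.0.113.81,tcp,23,ACCEPT
192.0.2.20,198.51.100.5,tcp,23,ACCEPT
203.0.113.7,192.0.2.10,tcp,22,ACCEPT
203.0.113.7,192.0.2.12,udp,23,ACCEPT
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit_telnet(flow_csv):
    """Group accepted TCP/23 flows by direction relative to INTERNAL_NETS."""
    report = {"exposed": defaultdict(set), "egress": defaultdict(set),
              "lateral": defaultdict(set)}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "tcp" or int(row["dport"]) != TELNET_PORT:
            continue  # not Telnet
        if row["action"].upper() != "ACCEPT":
            continue  # already blocked by an existing filter
        src_in, dst_in = is_internal(row["src"]), is_internal(row["dst"])
        if dst_in and not src_in:
            report["exposed"][row["dst"]].add(row["src"])  # inventory: replace with SSH
        elif src_in and not dst_in:
            report["egress"][row["src"]].add(row["dst"])   # gap in egress filtering
        elif src_in and dst_in:
            report["lateral"][row["dst"]].add(row["src"])  # legacy internal Telnet use
    return {k: {h: sorted(p) for h, p in d.items()} for k, d in report.items()}

if __name__ == "__main__":
    for category, hosts in audit_telnet(SAMPLE_FLOWS).items():
        for host, peers in sorted(hosts.items()):
            print(f"{category:8} {host:15} peers={len(peers)} {', '.join(peers)}")
```

Hosts listed under "exposed" are candidates for the inventory in the first action; entries under "egress" show where outbound Telnet is not yet filtered.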
