Surge in Brute-Force Attacks on Apache Tomcat Manager Interfaces
Overview of the Threat
Recently, GreyNoise, a notable threat intelligence firm, issued an alert regarding a significant increase in brute-force login attempts targeting Apache Tomcat Manager interfaces. Beginning on June 5, 2025, the frequency of these attempts has raised concerns that these attacks are systematic efforts aimed at exposing vulnerable Tomcat services en masse.
Observations of Malicious Activity
On June 5, 2025, GreyNoise identified 295 unique IP addresses engaged in recurrent brute-force attacks against Tomcat Manager. Alarmingly, all of these IPs were classified as malicious. In the subsequent 24 hours, an additional 188 unique IPs were documented, with the highest concentrations originating from the United States, the United Kingdom, Germany, the Netherlands, and Singapore.
Specifics of Login Attempts
The findings also included data on login attempts against Tomcat Manager instances. A total of 298 unique IP addresses were noted in these attempts, with 246 of those flagged within the last 24 hours, all again categorized as malicious. The attempts were not confined geographically, targeting regions including the United States, the United Kingdom, Spain, Germany, India, and Brazil. Notably, many of these malicious activities were traced back to servers hosted by DigitalOcean.
Implications of This Behavior
GreyNoise emphasized that while no specific vulnerability has been linked to these activities, the occurrence points toward a continued interest in accessing exposed Tomcat services. Such widespread and opportunistic probing often acts as an early indicator of potential exploitation down the line.
Recommended Security Measures
In light of these threats, organizations utilizing Apache Tomcat, especially with accessible Manager interfaces, are urged to take proactive measures. Implementing robust authentication protocols and stringent access controls is essential. Regular monitoring for unusual activity can further help mitigate risks associated with these malicious attempts.
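One way to do the monitoring described above, as an added example that is not code from GreyNoise or the Apache Tomcat project: it counts 401 responses on Manager paths per source IP in a sliding window. It assumes the access log uses Tomcat's AccessLogValve "common" pattern; the function names, the threshold of five failures per minute and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format, Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
MANAGER_PREFIXES = ("/manager/", "/host-manager/")

def failed_manager_logins(lines):
    """Yield (ip, timestamp) for each 401 response on a Manager path."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["status"] != "401":
            continue
        if m["path"].startswith(MANAGER_PREFIXES):
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def brute_force_sources(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: most failures inside any window} for IPs at or over threshold."""
    by_ip = defaultdict(list)
    for ip, ts in failed_manager_logins(lines):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start, worst = 0, 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        # A single 401 is normal (browser auth challenge); repeated ones are not.
        if worst >= threshold:
            flagged[ip] = worst
    return flagged

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE = [
    f'203.0.113.7 - - [05/Jun/2025:10:00:{s:02d} +0000] "GET /manager/html HTTP/1.1" 401 2473'
    for s in range(0, 12, 2)
] + [
    '198.51.100.9 - - [05/Jun/2025:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '198.51.100.9 - admin [05/Jun/2025:10:00:09 +0000] "GET /manager/html HTTP/1.1" 200 15021',
    '192.0.2.44 - - [05/Jun/2025:10:00:03 +0000] "GET /index.jsp HTTP/1.1" 200 11230',
]

if __name__ == "__main__":
    for ip, count in brute_force_sources(SAMPLE).items():
        print(f"{ip}: {count} failed Manager logins within one minute")
```

The administrator at 198.51.100.9 who gets one challenge and then logs in is not flagged; only the source with repeated failures inside the window is.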
Exposed Security Cameras: A Growing Concern
In a separate security issue, Bitsight reported that there are more than 40,000 security cameras currently accessible online. This situation creates serious vulnerabilities, as anyone with internet access could potentially view live feeds, highlighting ongoing issues with unsecured digital devices.
Distribution of Exposed Cameras
The majority of these exposed cameras are concentrated in countries such as the United States, Japan, Austria, Czechia, and South Korea. The telecommunications sector bears the brunt of this issue, accounting for 79% of the exposed devices. Other sectors include technology (6%), media (4.1%), utilities (2.5%), education (2.2%), business services (2.2%), and government (1.2%).
Risks Associated with Vulnerable Installations
These cameras, found in various settings—from private residences to public transport and manufacturing environments—risk leaking sensitive information. Such exposures can facilitate espionage, stalking, and extortion, emphasizing the need for heightened security awareness among users.
Best Practices for Camera Security
To combat these risks, security experts recommend several preventive steps. Users should change default usernames and passwords, disable remote access if unnecessary, or restrict access through firewalls and Virtual Private Networks (VPNs). Keeping firmware updated is another critical measure to ensure better device security.
João Cruz, a security researcher, highlighted the unintended consequences of these security cameras, often referred to as “inadvertent windows” into personal and sensitive spaces. The ease with which these devices can be installed—usually involving minimal setup—adds to the ongoing risk.
As security practitioners and users become increasingly aware of these critical issues, the focus on implementing robust protective measures continues to grow. Monitoring online vulnerabilities and enhancing device security are essential actions in today’s connected world.