Poorly Managed Linux SSH Servers Targeted for DDoS Bot and CoinMiner Attacks

Dec 28, 2023 | News

Researchers at AhnLab Security Emergency Response Center (ASEC) have issued a warning about a surge in attacks on poorly managed Linux SSH servers, with the primary goal of installing DDoS bots and CoinMiners. During reconnaissance the threat actors scan IP ranges for hosts with the SSH service listening on port 22, then launch brute-force or dictionary attacks against those hosts to obtain working login credentials.

Once they have a foothold, the threat actors can install malware that scans for further targets and runs the same brute-force attacks from the compromised host, and they may also sell the breached IP addresses and account credentials on the dark web. Notable malware used in these attacks includes ShellBot, Tsunami, ChinaZ DDoS Bot, and XMRig CoinMiner.
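The attack pattern above leaves a characteristic trace in sshd's log: a burst of failed password attempts from one source address, then an accepted login from that same address once the dictionary attack hits a valid credential. The following is an added example, not code from the ASEC report or from this article, that flags exactly that sequence in auth.log-style lines. The log lines, the year used to complete syslog timestamps, the threshold of five failures and the ten-minute window are all constructed assumptions for the illustration.

```python
"""Detect SSH dictionary attacks, and their success, from sshd log lines.

Added example (not from the ASEC report or this article): flag sources that
produce a burst of failed password logins, and note when a later login from
the same source is accepted, which is the dictionary attack succeeding.
Log lines, year, threshold and window below are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# rsyslog-style sshd lines as written to /var/log/auth.log or /var/log/secure.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2"
)
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2"
)


def _parse_ts(ts: str, year: int = 2023) -> datetime:
    # Syslog timestamps carry no year; the year is an assumption of this example.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: finding} for every source that produced `threshold` or more
    failed password attempts within `window`.  Each finding records the peak
    failure count, the usernames tried, and, if a later login from that source
    was accepted, the (user, method) of that login."""
    recent = defaultdict(list)   # ip -> timestamps of failures inside the window
    tried = defaultdict(set)     # ip -> usernames attempted
    findings = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ip, t = m["ip"], _parse_ts(m["ts"])
            tried[ip].add(m["user"])
            # Sliding window: keep only failures within `window` of this one, so
            # slow, widely spaced guessing does not accumulate indefinitely.
            recent[ip] = [x for x in recent[ip] if t - x <= window] + [t]
            if len(recent[ip]) >= threshold:
                f = findings.setdefault(ip, {"failures": 0, "users": tried[ip], "compromised": None})
                f["failures"] = max(f["failures"], len(recent[ip]))
            continue
        m = ACCEPTED_RE.match(line)
        if m and m["ip"] in findings:
            # An accepted login from an already-flagged source is the attack succeeding.
            findings[m["ip"]]["compromised"] = (m["user"], m["method"])
    return findings


# Constructed sample: one fast dictionary attack that succeeds against root,
# one legitimate user with a typo, and one slow guesser outside the window.
SAMPLE_LOG = """\
Dec 28 03:14:01 web1 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Dec 28 03:14:03 web1 sshd[2103]: Failed password for invalid user oracle from 198.51.100.23 port 40130 ssh2
Dec 28 03:14:05 web1 sshd[2105]: Failed password for root from 198.51.100.23 port 40138 ssh2
Dec 28 03:14:07 web1 sshd[2107]: Failed password for root from 198.51.100.23 port 40142 ssh2
Dec 28 03:14:09 web1 sshd[2109]: Failed password for root from 198.51.100.23 port 40150 ssh2
Dec 28 03:14:12 web1 sshd[2111]: Accepted password for root from 198.51.100.23 port 40158 ssh2
Dec 28 03:20:44 web1 sshd[2140]: Failed password for alice from 203.0.113.9 port 51010 ssh2
Dec 28 03:20:50 web1 sshd[2142]: Accepted publickey for alice from 203.0.113.9 port 51012 ssh2
Dec 28 09:30:00 web1 sshd[2200]: Failed password for root from 192.0.2.77 port 3022 ssh2
Dec 28 09:45:00 web1 sshd[2210]: Failed password for root from 192.0.2.77 port 3030 ssh2
Dec 28 10:00:00 web1 sshd[2220]: Failed password for root from 192.0.2.77 port 3040 ssh2
Dec 28 10:15:00 web1 sshd[2230]: Failed password for root from 192.0.2.77 port 3050 ssh2
Dec 28 10:30:00 web1 sshd[2240]: Failed password for root from 192.0.2.77 port 3060 ssh2
"""

if __name__ == "__main__":
    for ip, finding in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, finding)
```

Only 198.51.100.23 is reported: its five failures fall within eight seconds and the accepted root password login that follows is recorded as the compromise. The slow guesser at 192.0.2.77 never has more than one failure inside the window, which is the trade-off of any windowed threshold; a low-and-slow campaign needs a longer window or a per-day count. On a real host the same lines come from journalctl -u ssh or /var/log/auth.log, and an accepted login for root by password from an address that was just guessing is the trigger to look for the CPU-core check and the downloaded archive described below.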
 

A recent ASEC analysis showed that, after a successful login, the threat actors first ran a command to count the host's CPU cores, a figure that matters when sizing a CoinMiner, and then downloaded a compressed archive containing a port scanner and an SSH dictionary attack tool.

grep -c ^processor /proc/cpuinfo

The command simply counts the "processor" entries in /proc/cpuinfo, one per logical core. The researchers believe that the tools used in these attacks are based on those created by the PRG old Team, with each threat actor modifying and customizing them.
 
Mitigation

 
To mitigate these threats, the researchers recommend that administrators use strong passwords and change them periodically to resist brute-force and dictionary attacks. Since password guessing is the whole attack, switching SSH to key-based authentication and disabling password logins removes that surface entirely. They also advise placing security controls such as firewalls in front of servers reachable from the Internet so that access from threat actors is restricted, and stress keeping systems patched to the latest versions so that known vulnerabilities cannot be exploited.
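The settings that decide whether the dictionary attack can succeed at all live in sshd_config. As an added example, not from the ASEC report or this article, the following audits the global section of an sshd_config against OpenSSH's documented defaults and shows a lax configuration beside its hardened counterpart. Both configurations, the directive list and the cap of three authentication attempts are constructed assumptions for the illustration.

```python
"""Audit sshd_config for the settings that let an SSH dictionary attack succeed.

Added example, not from the ASEC report or this article.  It parses the
global section of an sshd_config, applies OpenSSH's documented defaults for
directives that are absent, and reports anything that leaves password
guessing possible.  The two configurations at the bottom are constructed
for illustration: a lax one and its hardened counterpart.
"""
import re

# OpenSSH defaults for the directives we care about (from sshd_config(5)).
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
    "maxauthtries": "6",
}

# Directive -> (acceptable values, why it matters against this campaign).
CHECKS = {
    "passwordauthentication": ({"no"}, "password logins are what dictionary tools guess; use keys"),
    "permitrootlogin": ({"no", "prohibit-password", "without-password"},
                        "root with a password is the first account these tools try"),
    "permitemptypasswords": ({"no"}, "an empty password is the first guess in any wordlist"),
}


def parse_sshd_config(text):
    """Return {directive_lower: value} for the global section of an sshd_config.
    Comments are dropped, 'Key value' and 'Key=value' are both accepted, the
    first occurrence of a directive wins (as in sshd), and parsing stops at the
    first Match block because those settings are conditional."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9]+)\s*=?\s*(.+)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        conf.setdefault(key, value)
    return conf


def audit_sshd_config(text, max_auth_tries=3):
    """Return a list of findings; an empty list means the config is acceptable."""
    effective = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    for key, (allowed, why) in CHECKS.items():
        value = effective[key].lower()
        if value not in allowed:
            findings.append(f"{key}={value}: {why}")
    tries = int(effective["maxauthtries"])
    if tries > max_auth_tries:
        findings.append(f"maxauthtries={tries}: allows {tries} guesses per connection; cap at {max_auth_tries}")
    return findings


# Constructed: a lax configuration of the kind these campaigns rely on.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#MaxAuthTries 6
ChallengeResponseAuthentication no
"""

# Constructed: the hardened counterpart.  Restricting source addresses belongs
# in the host firewall (nftables/iptables) or a bastion, not in sshd_config.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
MaxAuthTries 3
AllowUsers deploy
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or "OK")
```

The weak file produces three findings (password authentication on, root login by password, and the default six tries per connection); the hardened file produces none. An empty file is not clean either, because OpenSSH's own default is PasswordAuthentication yes, which is why the audit fills in defaults rather than ignoring missing directives. On a live host, feed it the output of sshd -T, which prints the effective configuration with defaults already resolved and directive names in lowercase, both of which the parser accepts.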
 
“Administrators should also use security programs such as firewalls for servers that are accessible from the outside to restrict access from threat actors. Finally, caution must be practiced by updating V3 to the latest version to block malware infection in advance,” concludes the report. (V3 is AhnLab's own endpoint security product.)


Source: securityaffairs.com
