Attackers Targeting Poorly Managed Linux SSH Servers

In recent times, Linux SSH servers have become a prime target for attackers aiming to compromise security and exploit vulnerabilities for malicious activities.
This article delves into the growing concern surrounding poorly secured Linux SSH servers, the techniques employed by threat actors, and crucial steps to fortify your server against potential attacks.
A growing number of malicious actors are using poorly secured Linux SSH servers as entry points to install port scanners and deploy dictionary attack tools.
The ultimate objective is to compromise vulnerable servers and enlist them in a botnet that is then used to carry out distributed denial-of-service attacks and cryptocurrency mining.
Adversaries utilize dictionary attacks, attempting to guess SSH credentials by systematically testing commonly used username and password combinations.
The threat actors escalate their attack by deploying additional malware, including sophisticated scanners made to identify other vulnerable systems.
Those scanners identify systems with port 22 (the default SSH port) open.
The threat actors then run SSH dictionary attacks against those systems to install malware.
According to the analysis report, the first thing the attackers do after a successful login is run a command that reports the total number of CPU cores.
This indicates that the malicious actor has successfully acquired working account credentials.
They then log in again using the same credentials to download a compressed file containing both a port scanner and an SSH dictionary attack tool.
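The sequence described above (many failed SSH password attempts from one source, then a successful password login from the same source) leaves a clear trace in sshd's log. As an added example that is not from the article or its sources, the following Python script flags that pattern in constructed auth.log lines; it assumes stock OpenSSH password-auth log wording, and the threshold of five failures is an illustrative value to tune per environment.

```python
import re
from collections import defaultdict

# Matches OpenSSH password-auth outcomes as written to auth.log / journald
# (assumed stock format; adjust if your distribution changes the wording).
SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def detect_dictionary_attacks(lines, threshold=5):
    """Scan sshd log lines in order and report, per source IP, brute-force
    activity and any password login that succeeds after it.
    Returns a list of (ip, kind, detail) tuples."""
    failures = defaultdict(int)   # ip -> failed password attempts seen so far
    users = defaultdict(set)      # ip -> usernames tried from that ip
    findings = []
    for line in lines:
        m = SSH_RE.search(line)
        if not m:
            continue  # unrelated line (key-based auth, disconnects, etc.)
        ip, user, result = m["ip"], m["user"], m["result"]
        if result == "Failed":
            failures[ip] += 1
            users[ip].add(user)
            if failures[ip] == threshold:  # emit once, when the threshold is crossed
                findings.append((ip, "brute_force",
                                 f"{threshold} failed logins, users tried: {sorted(users[ip])}"))
        elif failures[ip] >= threshold:
            # A password login succeeding after many failures from the same
            # source is the signature of a dictionary attack that worked.
            findings.append((ip, "compromised_credential",
                             f"accepted password for {user} after {failures[ip]} failures"))
    return findings

# Constructed sample log lines (not from the article); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
Jan  9 13:01:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan  9 13:01:02 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Jan  9 13:01:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 51124 ssh2
Jan  9 13:01:04 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 51125 ssh2
Jan  9 13:01:05 web1 sshd[2105]: Failed password for invalid user ubuntu from 203.0.113.7 port 51126 ssh2
Jan  9 13:01:06 web1 sshd[2106]: Accepted publickey for deploy from 198.51.100.4 port 40010 ssh2: RSA SHA256:abc
Jan  9 13:01:07 web1 sshd[2107]: Failed password for root from 198.51.100.4 port 40011 ssh2
Jan  9 13:01:09 web1 sshd[2108]: Accepted password for root from 203.0.113.7 port 51130 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, kind, detail in detect_dictionary_attacks(SAMPLE_LOG):
        print(f"{ip}: {kind} - {detail}")
```

The single failure from 198.51.100.4 stays below the threshold and the key-based login is ignored, so only the 203.0.113.7 source is reported, first as brute force and then as a likely compromised credential.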
Server administrators can greatly lower the risk of compromise by understanding the strategies threat actors use and putting preventive measures in place.
Users are strongly advised to adopt robust, proactive security measures to protect Linux SSH servers from these evolving threats.
Essential practices include using complex, hard-to-guess passwords, changing them frequently, and keeping systems up to date.
The sources for this article include a story from TheHackerNews.
This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina.


This Cyber News was published on securityboulevard.com. Publication date: Tue, 09 Jan 2024 13:13:04 +0000

