Careless oversight of Linux SSH servers draws cryptominers, DDoS bots

Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found.
According to a report by AhnLab released this week, bad password management and lax vulnerability patching can allow hackers to exploit the servers for cybercrime.
SSH servers provide secure remote access to a computer or server over a network.
Once compromised, they can allow threat actors to infiltrate even more SSH servers and install additional malware.
The more servers the hackers control, the more crypto they can mine, or the bigger their DDoS attacks can become.
Before installing such malware, threat actors need to obtain information on their targets, including the IP address and SSH account credentials.
They perform IP scanning to identify servers with the SSH service and then use familiar tools to gather credentials, the researchers said.
The two methods are dictionary attacks, in which attackers try to gain unauthorized access to a system by using a large set of predefined words as potential passwords; and brute-force attacks, in which the hackers try all possible combinations of passwords until the correct one is found.
The malware strains found by AhnLab include ShellBot, Tsunami, ChinaZ DDoS Bot and XMRig CoinMiner.
Threat actors can also choose to install only scanners, instead of malware, and sell the breached IP and account credentials on the dark web.
The researchers didn't specify a particular threat actor behind these attacks.
They noted that various hacker groups have employed port scanners and SSH dictionary attack tools in the past, with each group using slightly different tools and files, including lists of account credentials.
AhnLab recommends that administrators maintain strong passwords, keep their server software patched and add security programs such as firewalls.
Trinidad and Tobago social security agency hit with post-Christmas ransomware attack.
Google to settle class action lawsuit alleging Incognito mode does not protect user privacy.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine.
She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia.
She previously was a tech reporter for Forbes Ukraine.
Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


This Cyber News was published on therecord.media. Publication date: Thu, 28 Dec 2023 13:35:23 +0000


Cyber News related to Careless oversight of Linux SSH servers draws cryptominers, DDoS bots

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Why every company needs a DDoS response plan - Today's DDoS attacks are not what they were even a few years ago, and we continue to see DDoS attacks that are framed as the largest in history. As a result, large organizations need adaptive, multilayered defense capabilities that can respond just ...
5 months ago Helpnetsecurity.com
The Rise of DDoS Attacks in Q3, 2023: Are You Prepared? - The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries. Over 41% of websites have shown signs of DDoS attacks ...
11 months ago Cybersecuritynews.com
The State of DDoS Attacks: Evolving Tactics and Targets Businesses Must Be Aware Of - Now, these attacks are becoming more dangerous, targeted, and detrimental as they evolve. As DDoS attacks become more sophisticated, adversaries are able to hone in on the most vulnerable targets, ranging from small- and medium-sized businesses to ...
11 months ago Cyberdefensemagazine.com
Careless oversight of Linux SSH servers draws cryptominers, DDoS bots - Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password ...
11 months ago Therecord.media
How to Prepare for DDoS Attacks During Peak Business Times - One common tactic that many security practitioners have witnessed is carrying out distributed denial-of-service attacks during peak business times, when companies are more likely to be short-staffed and caught unawares. While DDoS attacks are a ...
11 months ago Darkreading.com
Hackers Attacking Linux SSH Servers to Deploy Scanner Malware - Hackers often target Linux SSH servers due to their widespread use in hosting critical services, and the following loopholes make them vulnerable, providing opportunities to hackers for unauthorized access and potential exploitation:-. Cybersecurity ...
11 months ago Gbhackers.com
How to Prevent DNS Attacks: DNS Security Best Practices - To protect against attack, best practices must be applied to protect the DNS protocol, the server on which the DNS protocol runs, and all access to the DNS processes. Implementing these best practices will not only protect DNS but also network ...
1 year ago Esecurityplanet.com
New SSH-Snake Malware Abuses SSH Credentials - Threat actors abuse SSH credentials to gain unauthorized access to systems and networks. SSH credential abuse provides a stealthy entry point for threat actors to compromise and control the targeted systems. On January 4th, 2024, the Sysdig Threat ...
9 months ago Cybersecuritynews.com
CVE-2024-36886 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
Security Series: Protecting the Edge Against DDoS Attacks with a Simplified Integrated Solution - An unprecedented increase in distributed-denial-of-service attacks in recent years has resulted in lost revenue and productivity, increased ransomware costs, and impacted service-level agreements for network operators. According to Zayo Group's ...
1 year ago Feedpress.me
VPN to protect against DDoS attacks on Twitch - Swarming or DDoS attacks pose a threat to streamers. Your data goes through a secure server, making it harder for attackers to target your actual IP address. A distributed denial-of-service attack globally harasses and attacks legitimate users and ...
11 months ago Itsecurityguru.org
3 Ways to Use Real-Time Intelligence to Defeat Bots - These days, online businesses must grapple with their own version of the replicant dilemma, as they try to make it easy for their human customers to use their sites, while keeping out a new generation of human-like bots. Bots, of course, are hardly a ...
1 year ago Darkreading.com
Essential DDoS statistics for understanding attack impact - The impact of DDoS attacks extends far beyond mere inconvenience, as they can result in financial losses, compromised data, and erosion of customer trust. Understanding the nature and consequences of DDoS activity is essential for organizations and ...
11 months ago Helpnetsecurity.com
In Cybersecurity and Fashion, What's Old Is New Again - While distributed denial-of-service attacks and zero-day threats are nothing new in cybersecurity, they're still happening regularly for a simple reason: They work. In early November 2023, OpenAI blamed a DDoS attack for intermittent ChatGPT issues, ...
11 months ago Darkreading.com
Web scraping is not just a security or fraud problem - Bots compose 42% of overall web traffic, and 65% of these bots are malicious, according to Akamai. Negative effects of scraper bots on business operations. Web scraping is not just a fraud or security problem, it is also a business problem. Scraper ...
5 months ago Helpnetsecurity.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
9 months ago Cisa.gov
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
9 months ago Cisa.gov
Pro-Russian DDoS Attacks Alarm Denmark and US - Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups have caused alarm in the US and Denmark after several incidents affected websites of hospitals and government offices in both countries. On Tuesday, Denmark announced that it ...
1 year ago Therecord.media
DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia - Qurium, the Swedish media foundation and human rights watchdog leading the investigation into these DDoS attacks implicates FineProxy and RayoByte in facilitating the attacks. On November 30, 2023, Rappler, the leading digital media company in the ...
1 year ago Hackread.com
Understanding the Escalating Threat of Web DDoS Tsunami Attacks - Whether it's hacktivists conducting cyberwarfare or ransom-seeking criminals targeting vulnerable firms in financial services, retail, energy, or transportation, a new breed of destructive distributed denial of service attack - the Web DDoS Tsunami - ...
11 months ago Cyberdefensemagazine.com
Why is the internet so busy? Bots - Then there's online shopping, banking, remote working, video conferencing and more, all passing through the internet, connecting us wherever we are. Even as internet usage grows, it makes up just a fraction of total online traffic. One recent report ...
11 months ago Pandasecurity.com
Recently patched CUPS flaw can be used to amplify DDoS attacks - As Akamai security researchers found, a CVE-2024-47176 security flaw in the cups-browsed daemon that can be chained with three other bugs to gain remote code execution on Unix-like systems via a single UDP packet can also be leveraged to ...
2 months ago Bleepingcomputer.com
First American says funds secure despite cyberattack - Title insurance company First American said all funds held at First American Trust and third-party partner banks remain secure despite a cyberattack affecting the company's operations since last week. The real estate industry giant provided several ...
11 months ago Therecord.media
Hackers are Launching DDoS Attacks During Peak Business Hours - Many security practitioners have seen distributed denial-of-service attacks carried out during peak business hours, when firms are more likely to be understaffed and caught off guard. DDoS attacks are a year-round threat, but we've seen an increase ...
11 months ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)