TechRadar Posted December 28, 2023 Share Posted December 28, 2023 Hackers are once again targeting poorly secured Linux SSH servers, researchers have claimed.The aim of the attackers is to install tools that will enable them to breach more servers. Ultimately, they either sell this access to their peers or install cryptocurrency miners and other malware on the endpoints.Cybersecurity researchers from the AhnLab Security Emergency Response (ASEC) claim to have observed threat actors installing port scanners and dictionary tools on vulnerable servers. Selling the access First, the hackers would try to guess the target’s SSH credentials with a classic brute-force, or dictionary attack. The process is automated and allows them trying thousands of possible username/password combinations in a short amount of time.If the server is poorly protected and has a password that’s easy to guess (for example, “password”, or “12345678”), they can access it and then install other malicious software. The researchers have seen the attackers install scanners hunting for port 22 activity. As they explained, that port is associated with the SSH service, and that allows them to identify additional endpoints to target.At that point, they have multiple options - either to sell the access on the dark web, or install additional malware. In examples of the latter, the threat actors were observed installing distributed denial of service (DDoS) tools as well as cryptocurrency miners."Threat actors can also choose to install only scanners and sell the breached IP and account credentials on the dark web," the researchers said. "These tools are believed to have been created by PRG old Team, and each threat actor modifies them slightly before using them in attacks," they concluded.The best way to keep your servers safe from these attacks is to use a strong password, consisting of lowercase and uppercase letters, numbers, and special symbols. It would be even better if the characters were seemingly random and didn’t follow a pattern (for example, a name or an important date).Via TheHackerNews More from TechRadar Pro Linux servers are being infected with a dangerous new malwareHere's a list of the best firewalls todayThese are the best ransomware protection services right now View the full article Quote Link to comment Share on other sites More sharing options...
.png.6dd3056f38e93712a18d153891e8e0fc.png.1dbd1e5f05de09e66333e631e3342b83.png.933f4dc78ef5a5d2971934bd41ead8a1.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.