Attackers Targeting Poorly Managed Linux SSH Servers

Rohan Timalsina

January 9, 2024 - TuxCare expert team

In recent times, Linux SSH servers have become a prime target for attackers aiming to compromise security and exploit vulnerabilities for malicious activities. This article delves into the growing concern surrounding poorly secured Linux SSH servers, the techniques employed by threat actors, and crucial steps to fortify your server against potential attacks.

Linux SSH Servers Attack Details

A growing number of malicious actors are using poorly secured Linux SSH servers as entry points to install port scanners and deploy dictionary attack tools. The ultimate objective is to compromise vulnerable servers and incorporate them into a network so that distributed denial-of-service (DDoS) attacks and crypto mining can be carried out.

Adversaries use dictionary attacks, attempting to guess SSH credentials by systematically testing commonly used username and password combinations. Once successful, the threat actors escalate their attack by deploying additional malware, including sophisticated scanners made to identify other vulnerable systems.

Those scanners identify systems with an active port 22 (SSH service). The threat actors then carry out SSH dictionary attacks against those systems to install malware. Commonly used malware includes ShellBot, Tsunami, ChinaZ DDoS Bot, XMRig CoinMiner, and Gafgyt.

According to the analysis report, attackers first use this command to check the total number of CPU cores after successful login.

grep -c ^processor /proc/cpuinfo

The execution of this command indicates that the malicious actor had successfully acquired the account credentials. Subsequently, they logged in again using the same credentials to download a compressed file, which contained both a port scanner and an SSH dictionary attack tool.
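Detection logic for the pattern described above, as an added example that is not from the article or the analysis report it cites: it flags source addresses whose failed password logins span several usernames, and marks an account as compromised when a password login from the same source is then accepted. The log lines are constructed, and the function name `analyze` and its thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's sshd syslog format; the addresses are
# documentation-range placeholders, not observations from the report.
SAMPLE_LOG = """\
Jan  9 03:14:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Jan  9 03:14:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40031 ssh2
Jan  9 03:14:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40040 ssh2
Jan  9 03:14:07 web1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40049 ssh2
Jan  9 03:14:11 web1 sshd[2111]: Accepted password for root from 203.0.113.7 port 40067 ssh2
Jan  9 08:30:12 web1 sshd[3050]: Failed password for alice from 198.51.100.4 port 51500 ssh2
Jan  9 08:30:20 web1 sshd[3052]: Accepted password for alice from 198.51.100.4 port 51502 ssh2
Jan  9 09:00:00 web1 sshd[3300]: Failed password for invalid user pi from 192.0.2.55 port 33001 ssh2
Jan  9 09:00:02 web1 sshd[3302]: Failed password for invalid user ubuntu from 192.0.2.55 port 33002 ssh2
Jan  9 09:00:04 web1 sshd[3304]: Failed password for invalid user git from 192.0.2.55 port 33003 ssh2
Jan  9 09:00:06 web1 sshd[3306]: Failed password for invalid user ftp from 192.0.2.55 port 33004 ssh2
"""

# Greedy user match anchored on the trailing "from IP port N ssh2", so a
# crafted username containing " from " cannot spoof the source address.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def analyze(log_text, min_failures=4, min_users=3):
    """Map source IP -> verdict for sources showing a dictionary-attack pattern."""
    failures, users, verdict = defaultdict(int), defaultdict(set), {}
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
            if failures[ip] >= min_failures and len(users[ip]) >= min_users:
                verdict.setdefault(ip, {"state": "attacking", "account": None})
        elif ip in verdict:
            # Password accepted from a source already flagged: treat the
            # account as compromised and review what it did after login.
            verdict[ip] = {"state": "compromised", "account": user}
    return verdict

if __name__ == "__main__":
    for ip, v in analyze(SAMPLE_LOG).items():
        print(ip, v["state"], v["account"] or "-")
```

A single mistyped password followed by a successful login, as in the `alice` lines, stays below both thresholds and is not reported.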

 

Conclusion

Server administrators can greatly lower the risk of compromise by being aware of the strategies used by threat actors and putting preventive measures in place. Users are strongly advised to adopt robust and proactive security measures to protect Linux SSH servers from these evolving threats. Essential practices such as using complex and difficult-to-guess passwords, frequently changing them, and keeping systems up-to-date should be implemented.

The sources for this article include a story from TheHackerNews.
