Security News > 2023 > June > Beware bad passwords as attackers co-opt Linux servers into cybercrime

Beware bad passwords as attackers co-opt Linux servers into cybercrime
2023-06-21 19:50

Researchers at Korean anti-malware business AhnLab are warning about an old-school attack that they say they're seeing a lot of these days, where cybercriminals guess their way into Linux shell servers and use them as jumping-off points for further attacks, often against innocent third parties.

These attackers are using the not-very-secret and not-at-all-complicated trick of finding Linux shell servers that are accepting SSH connections over the internet, and then simply guessing at common username/password combinations in the hope that at least one user has a poorly-secured account.

Well-secured SSH servers won't allow users to login with passwords alone, of course, typically by insisting on some sort of alternative or additional logon security based on cryptographic keypairs or 2FA codes.

Servers set up in a hurry, or launched in preconfigured "Ready-to-use" containers, or activated as part of a bigger, more complex setup script for a back-end tool that itself requires SSH, may start up SSH services that work insecurely by default, under the sweeping assumption that you will remember to tighten things up when you move from testing mode to live-on-the-internet mode.

Firstly, your servers end up with reduced processing capacity for legitimate work, such as handling SSH login requests; secondly, any additional electricity consumption, for example due to extra processing and airconditioning load, comes at your expense; thirdly, cryptomining crooks often open up their own backdoors so they can get in more easily next time to keep track of their activities.

As mentioned above, attackers who are able to implant new files of their own choice via compromised SSH logins often also tweak your existing SSH configuration to create a brand new "Secure" login that they can use as a backdoor in future.


News URL

https://nakedsecurity.sophos.com/2023/06/21/beware-bad-passwords-as-attackers-co-opt-linux-servers-into-cybercrime/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232