Researchers warn of a surge in attacks on poorly secured Linux SSH servers

The AhnLab Security Emergency Response Center (ASEC) has detected a significant surge in cyberattacks targeting poorly managed Linux SSH servers.

Before dropping malware such as DDoS bots and coin miners, the attackers first gather what they need to get in: the IP addresses of exposed SSH servers and working SSH account credentials.

Threat actors conduct IP scanning to identify servers with active SSH services on port 22. They then launch brute force or dictionary attacks to compromise accounts and install a variety of malware.
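The brute-force and dictionary phase described above leaves a characteristic trail in sshd's authentication log. The following Python script is an added example, not code from the ASEC report: it parses constructed auth.log lines in OpenSSH's syslog format, flags a source that exceeds a threshold of failed logins within a sliding time window, records how many distinct usernames it tried (the dictionary-attack signature), and reports whether a successful login from the same source followed the burst, which is the point at which the host should be treated as compromised rather than merely probed. The sample lines, the 60-second window and the threshold of 5 are assumptions for illustration.

```python
"""Flag SSH brute-force and dictionary attacks in OpenSSH auth log lines.

Added example, not from the ASEC report. The log lines, the 60 s window and
the threshold of 5 failures are illustrative assumptions."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the syslog format sshd writes to /var/log/auth.log
# (Debian/Ubuntu) or /var/log/secure (RHEL). Addresses are from the
# documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_AUTH_LOG = """\
Dec  4 10:01:02 web01 sshd[2101]: Invalid user admin from 203.0.113.7 port 51234
Dec  4 10:01:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Dec  4 10:01:05 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 51240 ssh2
Dec  4 10:01:07 web01 sshd[2106]: Invalid user oracle from 203.0.113.7 port 51244
Dec  4 10:01:07 web01 sshd[2106]: Failed password for invalid user oracle from 203.0.113.7 port 51244 ssh2
Dec  4 10:01:09 web01 sshd[2108]: Failed password for root from 203.0.113.7 port 51250 ssh2
Dec  4 10:01:12 web01 sshd[2110]: Invalid user test from 203.0.113.7 port 51256
Dec  4 10:01:12 web01 sshd[2110]: Failed password for invalid user test from 203.0.113.7 port 51256 ssh2
Dec  4 10:01:15 web01 sshd[2112]: Accepted password for root from 203.0.113.7 port 51260 ssh2
Dec  4 10:30:00 web01 sshd[2300]: Failed password for alice from 198.51.100.5 port 40000 ssh2
Dec  4 10:30:20 web01 sshd[2302]: Accepted publickey for alice from 198.51.100.5 port 40002 ssh2: ED25519 SHA256:x3Kq2m1c9fGp4Tz8Wb7VhN0sYdRjLeUqAoIiFnMtXwE
"""

# Matches the four sshd events this detector cares about. 'Invalid user'
# lines are parsed but not counted as failures, because sshd also logs a
# 'Failed password for invalid user' line for the same attempt.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password|Accepted password|Accepted publickey|Invalid user) "
    r"(?:for )?(?:invalid user )?(?P<user>\S+) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line):
    """Return a dict for a recognised sshd line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; strptime defaults to 1900, which is
    # fine for ordering within a day but wrong across a year boundary.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return {"ts": ts, "event": m.group("event"),
            "user": m.group("user"), "ip": m.group("ip")}


def detect_bruteforce(log_text, window_s=60, threshold=5):
    """Return {ip: finding} for sources with >= threshold failed passwords
    inside any window_s-second sliding window. A finding records the
    usernames tried (several distinct ones = dictionary attack) and whether
    a login from the same source succeeded at or after the burst."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        fails = sorted((e for e in evs if e["event"] == "Failed password"),
                       key=lambda e: e["ts"])
        burst_end, start = None, 0
        for end in range(len(fails)):          # two-pointer sliding window
            while (fails[end]["ts"] - fails[start]["ts"]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end]["ts"]
                break
        if burst_end is None:
            continue
        success = [e for e in evs
                   if e["event"].startswith("Accepted") and e["ts"] >= burst_end]
        users = sorted({e["user"] for e in fails})
        findings[ip] = {
            "failures": len(fails),
            "usernames": users,
            "dictionary": len(users) >= 3,
            "compromised": bool(success),
            "success_user": success[0]["user"] if success else None,
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        verdict = "COMPROMISED as " + f["success_user"] if f["compromised"] else "blocked so far"
        print(f"{ip}: {f['failures']} failures, users={f['usernames']}, {verdict}")
```

On the constructed sample, 203.0.113.7 makes five failed guesses against four different accounts within ten seconds and then logs in as root, so it is reported as a dictionary attack that succeeded; 198.51.100.5 has one typo'd password followed by a key-based login and is not reported. The same sliding-window logic is what tools such as fail2ban apply before banning a source; the "success after burst" check is the part that most ad-hoc scripts omit and the one that turns a noisy alert into an incident.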

Malware commonly installed in these attacks includes ShellBot, Tsunami, the ChinaZ DDoS bot, and the XMRig cryptocurrency miner. Notably, ASEC's analysis found that besides DDoS bots and coin miners, the threat actors also install SSH scanner malware on the compromised servers. The researchers believe its purpose is to find further vulnerable systems, access to which is then sold on the dark web.

“Administrators should use passwords that are difficult to guess for their accounts and change them periodically to protect the Linux server from brute force attacks and dictionary attacks and update to the latest patch to prevent vulnerability attacks,” the researchers advised. “Administrators should also use security programs such as firewalls for servers that are accessible from the outside to restrict access from threat actors. Finally, caution must be practiced by updating V3 to the latest version to block malware infection in advance.”
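The advice quoted above amounts to two things: stop passwords being the thing that gets guessed, and limit who can reach the service at all. The following Python script is an added example, not code from ASEC or from OpenSSH, that audits an sshd_config for the settings that matter against password guessing and models a caveat that bites in practice: sshd keeps the first value it reads for each keyword, and every line after a Match line belongs to that Match block, so hardening appended to the end of the file with `>>` can be silently ignored. Both configuration texts are constructed for illustration; the check list and the MaxAuthTries limit of 4 are this example's assumptions, and the defaults used for absent keywords are those documented in sshd_config(5). Firewalling the port, the quote's other recommendation, is outside what a config audit can check.

```python
"""Audit sshd_config for settings that invite SSH password guessing.

Added example, not code from ASEC or OpenSSH. Modelled caveats: sshd uses
the FIRST value it reads for a keyword, and every directive after a
'Match' line is scoped to that Match block. Both configs are constructed."""
import re

# Constructed: two attempts at hardening that do nothing.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10

# "hardening" added later in the global section: ignored, first value wins
PermitRootLogin no

Match Address 10.0.0.0/8
    PasswordAuthentication yes

# appended with >> after the Match block: lands inside that block, where it
# is shadowed by the line above as well
PasswordAuthentication no
"""

# Constructed: the global section as it should look.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
LoginGraceTime 20
AllowGroups ssh-users
"""

# OpenSSH defaults applied when a keyword is absent (sshd_config(5)).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "maxauthtries": "6"}

# (keyword, predicate on the lower-cased effective value, finding text);
# the list and the MaxAuthTries limit are this example's assumptions.
CHECKS = [
    ("permitrootlogin", lambda v: v in ("no", "prohibit-password"),
     "PermitRootLogin allows password login as root, the most guessed account"),
    ("passwordauthentication", lambda v: v == "no",
     "PasswordAuthentication is on; dictionary attacks have something to guess"),
    ("kbdinteractiveauthentication", lambda v: v == "no",
     "KbdInteractiveAuthentication is on; PAM password prompts remain"),
    ("maxauthtries", lambda v: v.isdigit() and int(v) <= 4,
     "MaxAuthTries is high; more guesses per connection"),
]


def parse_sshd_config(text):
    """Return (global_settings, match_blocks, shadowed) with sshd semantics.

    global_settings and each match block map keyword -> first value seen.
    match_blocks is a list of (criteria, settings). shadowed lists
    (scope, keyword, value) for later duplicates that sshd ignores.
    Keywords are case-insensitive; 'Key value' and 'Key=value' both parse."""
    glob, matches, shadowed, current, scope = {}, [], [], None, "global"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        val = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                     # opens a new conditional block
            current, scope = {}, f"Match {val}"
            matches.append((val, current))
            continue
        target = glob if current is None else current
        if key in target:                      # first value wins
            shadowed.append((scope, key, val))
            continue
        target[key] = val
    return glob, matches, shadowed


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the global section
    is sane, no Match block keeps passwords on, and nothing is shadowed."""
    glob, matches, shadowed = parse_sshd_config(text)
    findings = []
    for key, ok, msg in CHECKS:
        val = glob.get(key, DEFAULTS[key])
        if not ok(val.lower()):
            findings.append(f"{msg} (effective value: {val})")
    for crit, block in matches:
        if block.get("passwordauthentication", "").lower() == "yes":
            findings.append(f"'Match {crit}' keeps PasswordAuthentication yes")
    for scope, key, val in shadowed:
        findings.append(f"'{key} {val}' in {scope} is ignored: {key} was already set")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"== {name}")
        for f in audit_sshd_config(cfg) or ["no findings"]:
            print("  -", f)
```

Run against a real file with `sshd -T` in mind: that command prints the effective configuration after Includes and first-wins resolution, so comparing its output with what this script reports for the file on disk is a quick way to confirm the parser's view matches the daemon's. After changing the file, `sshd -t` validates the syntax before a restart, and the new settings only apply to new connections, so an attacker's existing session is not cut off by reconfiguration alone.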
