Endpoint/Device Security, Vulnerability Management

Tsunami bot, others deployed in new attacks against Linux SSH servers

Poorly secured Linux SSH servers have been subjected to brute-force attacks by an unknown threat actor deploying the Tsunami and ShellBot distributed denial-of-service bots, as well as privilege escalation tools, log cleaners, and an XMRig coin miner, reports BleepingComputer. After brute-forcing publicly exposed Linux SSH servers with username-password pairs, the attackers execute a command that facilitates the execution of the malware collection. According to an ASEC report, the collection includes the Tsunami Ziggy variant, which enables UDP, ACK, SYN, and DDoS attacks and various remote control commands, as well as the ShellBot DDoS bot, which allows port scanning on top of UDP, HTTP, and TCP flood attacks. Malicious activity is then concealed with the MIG Logcleaner v2.0 and Shadow Log Cleaner tools, followed by the deployment of privilege escalation malware and a miner for Monero assets. Adoption of strong passwords has been urged to curb such attacks.
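As a defensive illustration of the intrusion pattern described above, this added example (not code from ASEC, BleepingComputer, or SC Media) flags source addresses that produce a burst of failed SSH password logins and escalates when the same address then logs in successfully. The log lines are constructed samples in OpenSSH syslog format, and the threshold, window, and year defaults are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not real incident data.
SAMPLE_LOG = """\
Jun 20 03:14:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 20 03:14:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jun 20 03:14:05 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Jun 20 03:14:08 web1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40115 ssh2
Jun 20 03:14:10 web1 sshd[2109]: Failed password for ubuntu from 203.0.113.7 port 40116 ssh2
Jun 20 03:14:15 web1 sshd[2111]: Accepted password for ubuntu from 203.0.113.7 port 40120 ssh2
Jun 20 09:02:11 web1 sshd[3001]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Jun 20 09:02:19 web1 sshd[3001]: Accepted password for alice from 198.51.100.20 port 51515 ssh2
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def analyze(log_text, threshold=5, window=timedelta(minutes=1), year=2024):
    """Return {ip: {"users_tried": set, "compromised": user or None}} for
    sources that reach `threshold` failed logins within `window`.
    Syslog timestamps carry no year, so `year` is supplied by the caller."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    tried = defaultdict(set)      # ip -> usernames attempted
    flagged = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, user, ip = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if outcome == "Failed":
            q = recent[ip]
            q.append(ts)
            tried[ip].add(user)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                flagged.setdefault(ip, {"users_tried": tried[ip], "compromised": None})
        elif ip in flagged and flagged[ip]["compromised"] is None:
            # A password login succeeding after a burst of failures from the
            # same source suggests a guessed credential.
            flagged[ip]["compromised"] = user
    return flagged

if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, sorted(info["users_tried"]), "compromised:", info["compromised"])
```

Because the attackers run log cleaners after gaining access, a check like this is only dependable against log copies that were forwarded off the host before cleanup.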
