Vulnerable Linux SSH servers targeted for cryptomining, DDoS attacks

Threat actors have been targeting insecure Linux SSH servers with dictionary attack tools and port scanners in a bid to facilitate cryptocurrency mining and distributed denial-of-service attacks, The Hacker News reports. Mismanaged Linux SSH servers are initially infiltrated through a dictionary attack that seeks to determine their credentials before the deployment of scanner malware aimed at determining systems with an active port 22 to enable further infection spread, a report from ASEC revealed. Attacks also involved the execution of commands meant to identify the total CPU cores used by targeted servers. "These tools are believed to have been created by PRG old Team, and each threat actor modifies them slightly before using them in attacks," said ASEC, which urged organizations with Linux SSH servers to adopt strong passwords and periodic password rotation, as well as ensure up-to-date systems. Such findings follow Kaspersky's discovery of the new NKAbuse multi-platform malware that enables DDoS attacks.