Attackers Hacked Linux Servers to Launch DDoS & Mine Monero

Post Views: 253

Tsunami Botnet Malware was installed by hackers on servers with inadequate security.

Adversaries installed the Tsunami DDoS bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig (Monero) coin miner by brute-forcing Linux SSH servers.

To access Linux SSH servers that were accessible to the public, hackers port scanned for them and brute-forced username-password pairings. Linux Servers that weren’t properly protected were open to the attack.

Attack on Linux SSH Servers

Adversaries employ a Bash script to execute various viruses after getting admin user rights on the device.

Source

Hackers generated a fresh set of public and private SSH keys for the compromised server to continue access. Log cleaners, cryptocurrency miners, privilege escalation tools, and two different DDoS Botnets were among the installed malware.

DDoS attacks using HTTP floods, UDP, TCP, and port scanning are all supported by the Pearl-based ShellBot DDoS bot. It can also create a reverse shell.
Another DDoS Botnet Software called Tsunami transmits data to and receives commands from the C2 Server using the IRC Protocol. One of the malware strains released with Mirai and Gafgyt is also known as Kaiten. Attacks aimed at IoT devices frequently use tsunamis.

“Tsunami hides using common system process names and writes itself to “/etc/rc.local” to persist between reboots.

Tsunami supports various remote control commands besides SYN, ACK, UDP, and random flood DDoS attacks.”

Source

Ways to secure servers against such Attacks?

To improve server security, security experts offer various advice for Linux users.

Use Strong & Unique Passwords,
Utilize SSH keys to log in to the SSH server,
De-activate root login via SSH,
Allow limited IP addresses to access the server,
Make the default SSH port unusual so that infection scripts and bots won’t detect it.

About The Author

Suraj Koli is a content specialist with expertise in Cybersecurity and B2B Domains. He has provided his skills for News4Hackers Blog and Craw Security. Moreover, he has written content for various sectors Business, Law, Food & Beverage, Entertainment, and many others. Koli established his center of the field in a very amazing scenario. Simply said, he started his career selling products, where he enhanced his skills in understanding the product and the point of view of clients from the customer’s perspective, which simplified his journey in the long run. It makes him an interesting personality among other writers. Currently, he is a regular writer at Craw Security.