Old and New OpenSSH Backdoors Threaten Linux Servers

OpenSSH, a suite of networking software that allows secure communications over an unsecured network, is the most common tool for system administrators to manage rented Linux servers. And given that over one-third of public-facing internet servers run Linux, it shouldn’t come as a surprise that threat actors would exploit OpenSSH’s popularity to gain control of them.

Nearly five years ago, ESET researchers helped to disrupt a 25 thousand-strong botnet of Linux machines that were saddled with an OpenSSH-based backdoor and credential stealer named Ebury. The attackers wielding it first performed a check if other SSH backdoors are present at the targeted system before deploying the malware.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

This spurred the researchers to search for and analyze these type of (server-side OpenSSH) backdoors.

They found that there is a wide spectrum of complexity in backdoor implementation, starting from off-the-shelf malware to obfuscated samples and network protocols, but that all of them are the result of modifying and recompiling the original portable OpenSSH source used on Linux.

Also, that there are multiple code bases for the various backdoors, but that most of them share similar basic features (e.g., hardcoded credentials to activate a backdoor mode, credential stealing).

All of the collected samples copy the stolen credentials to a local file, even though attackers then must log back onto the compromised machine to retrieve the file. But some of the malware families are also capable of pushing the credentials on the network.

A cartoonish puffer fish wearing sunglasses and a tie,holding a briefcase labeled 'TOP SECRET'.
Image Source

Read more: Help Net Security 

Latest Articles

Complying with AWS’s RI/SP Policy Update: Save More, Stress Less

Shared Reserved Instances (RIs) and Savings Plans (SPs) have been a common workaround for reducing EC2 costs, but their value has always been limited. On average, these shared pools deliver only 25% savings on On-Demand costs—far below the 60% savings achievable with automated reservation tools. For IT and DevOps teams, the trade-offs include added complexity, […]

Itay Tal Head of Cloud Services
5th December, 2024
The Future of Cybersecurity: Shlomo Kramer’s Bold Predictions for the SASE Era

What does the next decade of cybersecurity hold? Few can answer that better than Shlomo Kramer—co-founder of Check Point and Imperva, and founder & CEO of Cato Networks. In a candid conversation on the CloudNext podcast, Shlomo shared bold predictions and actionable strategies for navigating the challenges and opportunities ahead. From the rise of SASE […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
4th December, 2024
Three Ways CISOs Can Combat Emerging Threats in 2025

73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]

11th November, 2024
How Optimizing Kafka Can Save Costs of the Whole System

Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices.  But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]

Itay Tal Head of Cloud Services
29th September, 2024

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services