Cybersecurity Researchers at Venafi recently warned about the backdoor malware techniques used by “Black Energy Gang” attackers to shut down the Ukrainian power stations in 2015 are now being deployed more widely by the black hat community. This event had crippled one-fifth of Ukraine’s Power system, the entire power grid of the Ivano-Frankivsk region, in seconds.
Also last year, 25 Nov 2019, a Trickbot infection was detected at Windows where it hosted and then downloaded different modules to perform various functions. These directly hacked the SSH on the Windows system.
A recent upgrade in the Blackout Malware now adds attackers’ SSH keys to the victims’ machine in a list of authorized key files which then trusts the attackers’ key for carrying out secure communication. Recent researchers at Venafi, notify about an increased sale of Malware-as-a-service on the Dark web.
What is SSH?
SSH are access credentials that grant access to servers without the need to type a password. They are commonly used for automated machine-to-machine access for file transfers and integration of information systems. Over a long period of time, advanced malware and hackers have been attacking SSH key. Below can be the reasons for attacks on SSH:
- The keys provide a long-term backdoor, and they can be used to spread the attack from one server to another – possibly across nearly all servers in an enterprise, including disaster recovery data centers and backup data centers.
- The keys often grant access to credit card payment environments and financial data environments in public companies. This information could give attackers undetected root access to mission-critical systems to spread malware or sabotage processes, the security vendor warned.
- The keys commonly provide root or administrator access, thus allowing installation of malware, compromising of software, or even upfront destruction.
A former government hacker, now a penetration tester, said he would always first get all SSH keys. In the famous Sony breach, hackers stole SSH credentials and apparently used them to attack. Authentication credentials, particularly SSH keys, are a natural target for attackers.
Considering the severity of SSH key compromise, Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, noted that SSH key is extremely valuable for adversaries. SSH keys SSH uses public-key cryptography to authenticate remote computers and allow it to authenticate the user if necessary “SSH keys need to be rotated frequently, and the only way to do this effectively is with automation, but many organizations, including banks, never change them…Even worse, many SSH keys never expire so they can be used to create long term backdoors that allow attackers to gain access to networks for months or years.”
Concerned Your Data Might Be on the Dark Web? Contact LIFARS Today!