News Summary

• Hackers want to install DDoS tools and cryptominersHackers are once again targeting poorly secured Linux SSH servers, researchers have claimed.The aim of the attackers is to install tools that will enable them to breach more servers..
• As they explained, that port is associated with the SSH service, and that allows them to identify additional endpoints to target.At that point, they have multiple options - either to sell the access on the dark web, or install additional malware..
• The process is automated and allows them trying thousands of possible username/password combinations in a short amount of time.If the server is poorly protected and has a password that’s easy to guess (for example, “password”, or “12345678”), they can access it and then install other malicious software..
• "Threat actors can also choose to install only scanners and sell the breached IP and account credentials on the dark web," the researchers said..
• In examples of the latter, the threat actors were observed installing distributed denial of service (DDoS) tools as well as cryptocurrency miners..
• The researchers have seen the attackers install scanners hunting for port 22 activity..