October 13, 2023 at 01:47PM
Cyberattackers are using the ShellBot malware to target Linux SSH servers. They are now using hexadecimal IP addresses to evade detection. This new method allows them to hide their activity from behavior-based detection systems. ShellBot is a well-known botnet that compromises servers with weak SSH credentials and can be used for DDoS attacks or to install additional malware. To protect against ShellBot attacks, administrators should use strong passwords and regularly rotate their credentials.
Key Takeaways from Meeting Notes:
– Cyberattackers are targeting Linux SSH servers with the ShellBot malware.
– Attackers are using hexadecimal IP addresses (Hex IP) to hide their activity and evade detection.
– The use of Hex IP addresses makes it difficult for URL-based detection systems to parse or flag the malicious activity.
– ShellBot, also known as PerlBot, is a well-known botnet that uses dictionary attacks to compromise servers with weak SSH credentials.
– Once installed, ShellBot can be used for distributed denial-of-service (DDoS) attacks or to drop other malware on infected machines.
– Organizations can protect themselves from ShellBot attacks by improving password hygiene, using strong passwords, and regularly rotating credentials.
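The hexadecimal-host evasion described above can be countered by normalizing numeric hosts before matching them against signatures. The following is an added example, not code from the original report or from any vendor tool; the function names, the sample log lines and the address 192.0.2.10 (a documentation address) are constructed for illustration. It goes slightly beyond the hex case by also handling the octal and single-integer forms that resolvers accept the same way.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)
# One inet_aton-style component: 0x-prefixed hex, leading-zero octal, or decimal.
PART_RE = re.compile(r"0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*")


def normalize_host(host):
    """Return (dotted_quad, was_obfuscated) for a numeric IPv4 host, else None."""
    parts = host.lower().split(".")
    if not 1 <= len(parts) <= 4 or not all(PART_RE.fullmatch(p) for p in parts):
        return None
    nums = [int(p, 16) if p.startswith("0x") else int(p, 8) if p[0] == "0" else int(p)
            for p in parts]
    *head, last = nums
    # Leading parts are one byte each; the last part fills all remaining bytes.
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last | sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    canonical = str(ipaddress.IPv4Address(value))
    return canonical, canonical != host


def find_obfuscated_urls(lines):
    """Return (line_number, url, canonical_ip) for URLs whose host hides an IPv4 address."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for url in URL_RE.findall(line):
            try:
                host = urlsplit(url).hostname or ""
            except ValueError:  # malformed authority, e.g. unbalanced brackets
                continue
            result = normalize_host(host)
            if result and result[1]:
                hits.append((number, url, result[0]))
    return hits


# Constructed sample command-line log entries, not taken from a real incident.
SAMPLE = [
    "curl -s http://192.0.2.10/a.txt",
    "curl -s http://0xC000020A/a.txt",
    "wget http://3221225994/a.txt",
    "wget http://0300.0.02.012:8080/a.txt",
]

if __name__ == "__main__":
    print(*find_obfuscated_urls(SAMPLE), sep="\n")
```

Feeding the canonical address, rather than the raw URL string, into blocklists and alert rules makes all of these spellings match the same indicator.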