Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks.
"Threat actors can also choose to install only scanners and sell the breached IP and account credentials on the dark web," the AhnLab Security Emergency Response Center (ASEC) said in a report on Tuesday.
In these attacks, adversaries try to guess a server's SSH credentials by running through a list of commonly used combinations of usernames and passwords, a technique called dictionary attack.
Should the brute-force attempt be successful, it's followed by the threat actor deploying other malware, including scanners, to scan for other susceptible systems on the internet.
Specifically, the scanner is designed to look for systems where port 22 (the port associated with the SSH service) is active, and then repeats the process of staging a dictionary attack in order to install malware, effectively propagating the infection.
Another notable aspect of the attack is the execution of commands such as "grep -c ^processor /proc/cpuinfo" to determine the number of CPU cores.
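The activity described above, a burst of failed SSH logins cycling through common usernames from one source, followed by a successful login from that same source, leaves a recognisable trace in sshd's authentication log. The following detector is an added example written for this article, not code from ASEC or from the tools it describes; the log lines are constructed in the standard syslog auth.log format, the IP addresses are documentation ranges, and the thresholds are assumptions a defender would tune to their environment.

```python
import re
from collections import defaultdict

# Constructed sample auth.log excerpt (not from the report): one source runs a
# dictionary attack against several usernames and finally gets in as root;
# a second source is a legitimate user who mistyped once and then used a key.
SAMPLE_AUTH_LOG = """\
Dec 19 10:00:01 web1 sshd[2311]: Failed password for root from 203.0.113.5 port 51001 ssh2
Dec 19 10:00:02 web1 sshd[2313]: Failed password for invalid user admin from 203.0.113.5 port 51002 ssh2
Dec 19 10:00:03 web1 sshd[2315]: Failed password for invalid user test from 203.0.113.5 port 51003 ssh2
Dec 19 10:00:04 web1 sshd[2317]: Failed password for invalid user oracle from 203.0.113.5 port 51004 ssh2
Dec 19 10:00:05 web1 sshd[2319]: Failed password for invalid user ubuntu from 203.0.113.5 port 51005 ssh2
Dec 19 10:00:06 web1 sshd[2321]: Failed password for root from 203.0.113.5 port 51006 ssh2
Dec 19 10:00:07 web1 sshd[2323]: Accepted password for root from 203.0.113.5 port 51007 ssh2
Dec 19 10:01:00 web1 sshd[2330]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Dec 19 10:01:05 web1 sshd[2332]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." (the "invalid user"
# prefix appears when the account does not exist on the host).
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_events(text):
    """Extract (result, method, user, ip) from sshd lines; ignore everything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_dictionary_attacks(events, fail_threshold=5, user_threshold=3):
    """Flag source IPs that look like dictionary attacks.

    A source is reported when it accumulates fail_threshold failures or tries
    user_threshold distinct usernames. If the same source is later *accepted*
    after crossing the failure threshold, that is recorded separately: it is
    the "brute force succeeded, expect payload next" case, which needs an
    incident response rather than just a firewall block.
    """
    fails = defaultdict(int)
    users = defaultdict(set)
    success_after_failures = {}
    for e in events:
        ip = e["ip"]
        if e["result"] == "Failed":
            fails[ip] += 1
            users[ip].add(e["user"])
        elif fails[ip] >= fail_threshold:  # Accepted, following a run of failures
            success_after_failures[ip] = e["user"]

    findings = {}
    for ip, n in fails.items():
        if n >= fail_threshold or len(users[ip]) >= user_threshold:
            findings[ip] = {
                "failed": n,
                "usernames": sorted(users[ip]),
                "success_after_failures": success_after_failures.get(ip),
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_dictionary_attacks(parse_events(SAMPLE_AUTH_LOG)).items():
        print(ip, info)
```

On the sample, only 203.0.113.5 is reported: six failures across five usernames and then an accepted password login as root, while the single mistyped password from 198.51.100.7 stays below both thresholds. On a real host the same logic runs over /var/log/auth.log or `journalctl -u ssh`; the "success after failures" case is the one to escalate, since the article's follow-on activity (scanner drop, the CPU-count command) starts right after that login.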
"These tools are believed to have been created by PRG old Team, and each threat actor modifies them slightly before using them in attacks," ASEC said, adding there is evidence of such malicious software being used as early as 2021.
To mitigate the risks associated with these attacks, it's recommended that users rely on passwords that are hard to guess, rotate them periodically, and keep their systems up to date.
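The article's mitigation advice concerns the passwords themselves; the sshd configuration decides whether password guessing is even possible against the host. The audit below is an added example written for this page, not ASEC's guidance, and it goes beyond the article by checking the OpenSSH directives that matter most for dictionary attacks (PasswordAuthentication, PermitRootLogin, MaxAuthTries). Both config samples are constructed. The one subtlety it demonstrates is that sshd honours the first occurrence of a keyword, so a weak directive near the top of the file is not cancelled by a stricter duplicate further down, and directives inside a Match block apply only conditionally.

```python
# Constructed sshd_config samples (not from the report). The weak one contains
# a later "PasswordAuthentication no" that does NOT take effect, because sshd
# uses the first value it reads for each keyword.
WEAK_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
PasswordAuthentication no      # ignored by sshd: first value wins
Match User deploy
    PasswordAuthentication no  # conditional, only for user deploy
"""

HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
"""

# OpenSSH defaults used when a directive is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "maxauthtries": "6",
}

# (keyword, predicate on the effective value, message if the predicate fails)
CHECKS = [
    ("passwordauthentication", lambda v: v == "no",
     "password logins enabled; a dictionary attack needs exactly this, prefer key-based auth"),
    ("permitrootlogin", lambda v: v in ("no", "prohibit-password"),
     "root can log in with a password; root is the first account every wordlist tries"),
    ("maxauthtries", lambda v: v.isdigit() and int(v) <= 4,
     "too many guesses allowed per connection, lower it (assumed threshold: 4)"),
]


def effective_settings(config_text):
    """Resolve global directives the way sshd does: comments stripped,
    keywords case-insensitive, first occurrence wins, and parsing stops at the
    first Match block because everything after it is conditional."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit(config_text):
    """Return a list of human-readable findings; empty means all checks passed."""
    settings = effective_settings(config_text)
    findings = []
    for key, ok, message in CHECKS:
        value = settings.get(key, DEFAULTS[key])
        if not ok(value):
            findings.append(f"{key}={value}: {message}")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"== {name} ==")
        for finding in audit(text) or ["no findings"]:
            print(" ", finding)
```

Running it against a live host is `audit(open("/etc/ssh/sshd_config").read())`; note that it reads the single file only and does not follow Include directives, which newer OpenSSH versions use for drop-in files under /etc/ssh/sshd_config.d/, so check those too.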
The findings come as Kaspersky revealed that a novel multi-platform threat called NKAbuse is leveraging a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel for DDoS attacks.