Whitepaper summary

ESET - The Dark Side of the ForSSHe

A little more than three years ago we started hunting for OpenSSH backdoors being used in-the-wild. While we are always trying to improve defenses against Linux malware by discovering and analyzing examples, the scope of this hunt was specifically to catch server-side OpenSSH backdoors. Unfortunately, telemetry on Linux malware is not as readily available as it is on other platforms. Nonetheless, malicious OpenSSH binaries are quite common and have features that help us detect them among legitimate OpenSSH binaries. While, as soon as we got them, we used the samples collected to improve our detection, we only began sorting and analyzing them in 2018. Surprisingly, we discovered many new backdoor families that had never been documented before. We tried to gather as much information about each family we uncovered — for example, leaking the credentials, for honeypots we monitor, to the attackers. This paper is the result of this research and contains indicators of compromise that could help identify compromised servers.

By: ESET
Publication date: 08-02-2019
File type: pdf
Document: Whitepaper
Language: EN
Published by: Romain Dumont, Marc-Etienne M. Léveillé, Hugo Porcher
