A newly discovered botnet called SSHStalker has compromised at least 7,000 Linux servers by brute-forcing weak SSH password authentication. The botnet uses IRC-based command and control, exploits Linux kernel vulnerabilities dating back to 2009, and maintains persistence through backdoors and rootkits. While it has not yet monetized its access through DDoS or cryptomining, researchers warn that it could be activated at any time. The primary defenses are disabling SSH password authentication in favor of key-based authentication, implementing rate limiting, and retiring legacy Linux systems still running 2.6-series kernels. Security experts say the incident highlights the continued importance of basic security fundamentals over chasing advanced threats.
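As an added example (not from the csoonline article or the researchers it cites), the following POSIX shell script audits sshd configuration text for the controls named above (password logins off, keys on, a small per-connection guess budget) and flags hosts on the 2.6 kernel line; the two sample configs and the kernel version string are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the csoonline article: audit sshd_config text for the
# password-login settings the summary says to harden and flag legacy 2.6 kernels.
# Global keywords only (Match blocks ignored); both sample configs are constructed.

# Constructed: the exposed state the botnet brute-forces (passwords accepted).
WEAK_CONFIG='PasswordAuthentication yes
PermitRootLogin yes
PubkeyAuthentication yes'
# Constructed: hardened counterpart (key-based auth only, smaller guess budget).
HARDENED_CONFIG='PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
MaxAuthTries 3'

# sshd_setting KEY CONFIG: print the first value set for KEY, lowercased
# (sshd honours the first occurrence; keywords are case-insensitive).
sshd_setting() {
    printf '%s\n' "$2" | awk -v k="$1" \
        '$1 !~ /^#/ && tolower($1) == tolower(k) { print tolower($2); exit }'
}

# audit_sshd CONFIG: print one finding per line; return the number of findings.
audit_sshd() {
    cfg=$1 findings=0
    # OpenSSH defaults PasswordAuthentication to yes, so "unset" is a finding.
    v=$(sshd_setting PasswordAuthentication "$cfg")
    [ "$v" = no ] || { echo "PasswordAuthentication=${v:-unset} (want no)"; findings=$((findings+1)); }
    # Keyboard-interactive is a second password-style path; it also defaults to yes.
    v=$(sshd_setting KbdInteractiveAuthentication "$cfg")
    [ "$v" = no ] || { echo "KbdInteractiveAuthentication=${v:-unset} (want no)"; findings=$((findings+1)); }
    # Root must never take a password; the default (prohibit-password) and 'no' pass.
    v=$(sshd_setting PermitRootLogin "$cfg")
    case "${v:-prohibit-password}" in no|prohibit-password) ;;
        *) echo "PermitRootLogin=$v (want prohibit-password)"; findings=$((findings+1)) ;; esac
    # Keys must stay enabled (default yes) or the change locks everyone out.
    v=$(sshd_setting PubkeyAuthentication "$cfg")
    [ "${v:-yes}" = yes ] || { echo "PubkeyAuthentication=$v (want yes)"; findings=$((findings+1)); }
    # MaxAuthTries (default 6) caps guesses per connection: a cheap in-daemon rate limit.
    v=$(sshd_setting MaxAuthTries "$cfg")
    [ "${v:-6}" -le 3 ] || { echo "MaxAuthTries=${v:-6} (want <= 3)"; findings=$((findings+1)); }
    return "$findings"
}
# kernel_is_legacy VERSION: true for the 2.6 line the botnet's 2009-era exploits target.
kernel_is_legacy() { case "$1" in 2.6.*) return 0 ;; *) return 1 ;; esac; }

echo "weak config:";     audit_sshd "$WEAK_CONFIG"     || echo "-> $? finding(s)"
echo "hardened config:"; audit_sshd "$HARDENED_CONFIG" && echo "-> clean"
kernel_is_legacy 2.6.32-754.el6.x86_64 && echo "2.6.32 host: legacy kernel, retire it"
```

On a live host, feed `sshd -T` output (the effective configuration, with keywords already lowercased) into `audit_sshd` and `uname -r` into `kernel_is_legacy`; network-level throttling such as firewall rate limits sits outside sshd_config and is not checked here.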

From csoonline.com