[GTALUG] Linux servers attacked!

D. Hugh Redelmeier hugh at mimosa.com
Sat May 9 17:22:55 EDT 2020


<https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-decade-of-the-rats.pdf>

This describes a lot of attacks, starting with a Linux server victim.
Sounds like juicy stuff.  I didn't find it so.

It didn't clearly say what vulnerabilities were being exploited.

The article hinted that a foothold was established via brute-force
password guessing at logins.  My servers only allow SSH logins, so
this would not work on my machines.  Does anyone still use passwords
for logins facing the internet?  Consumer crap (wireless routers,
baby monitors, ...), I guess.

After the login, a kernel module is installed.  Where does the
privilege come from?  An unmentioned hole?

There is a claim that this stuff is widespread and has been for a long
time.  I don't think any quantitative evidence is revealed.

