Saturday 11 April 2015

Group bombarded SSH Servers With 300,000 Passwords



A group of cyber criminals that has been active since June last year is conducting large-scale attacks against SSH servers, attempting to log in with more than 300,000 unique passwords. Once access to a server is finally obtained, a DDoS rootkit is installed.

Through this rootkit, the attackers can use the compromised server to carry out DDoS attacks. Cisco and Level 3 refer to the cyber criminals as "SSHPsychos" and "Group 93". The group reportedly generates so much traffic with its login attempts that all SSH attacks from other parties combined pale in comparison. The attacks turned out to originate from different netblocks (ranges of IP addresses). In cooperation with backbone provider Level 3, it was decided to disable the netblocks the group used.


As part of the process, Level 3 warned the responsible providers, after which the group of cybercriminals suddenly began using a new network for its scans and attacks. Because of this sudden transition, Cisco and Level 3 decided to remove the routing options for both the old and the new netblock. According to Cisco, this will "hopefully" slow down the activities of the group for a certain time.

The networking giant notes that "detectors and protectors" can no longer sit on the sidelines while cybercriminals attack systems so flagrantly. However, the measures affect only the part of the Internet that is served by Level 3. Cisco therefore calls on other parties to block malicious traffic from this group on the Internet. "By working together, we can eliminate a group that makes no effort to hide their malicious activities," the company said.
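Because the login attempts came from whole netblocks rather than single hosts, a defender reviewing SSH logs gets a clearer picture by counting failures per netblock. The following is an added example, not code from the article, Cisco or Level 3; it assumes OpenSSH's syslog message format, and the /24 grouping, the thresholds and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches OpenSSH "Failed password" lines for valid and invalid users.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

def failed_by_netblock(lines, v4_prefix=24, v6_prefix=48):
    """Return {netblock: {"attempts": n, "sources": set, "users": set}}."""
    stats = defaultdict(lambda: {"attempts": 0, "sources": set(), "users": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field; skip rather than crash
        # Prefix lengths are assumed grouping sizes, not values from the article.
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        block = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        entry = stats[block]
        entry["attempts"] += 1
        entry["sources"].add(addr)
        entry["users"].add(m.group("user"))
    return dict(stats)

def noisy_netblocks(stats, min_attempts=3, min_sources=2):
    """Netblocks where several hosts together reach the attempt threshold."""
    hits = [b for b, s in stats.items()
            if s["attempts"] >= min_attempts and len(s["sources"]) >= min_sources]
    return sorted(hits, key=lambda b: stats[b]["attempts"], reverse=True)

# Constructed sample log lines (documentation address ranges, not real data).
SAMPLE = """\
Apr 11 03:12:01 host sshd[811]: Failed password for root from 198.51.100.7 port 40112 ssh2
Apr 11 03:12:02 host sshd[812]: Failed password for root from 198.51.100.9 port 40113 ssh2
Apr 11 03:12:03 host sshd[813]: Failed password for root from 198.51.100.200 port 40114 ssh2
Apr 11 03:12:04 host sshd[814]: Failed password for invalid user admin from 198.51.100.7 port 40115 ssh2
Apr 11 03:13:10 host sshd[815]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Apr 11 03:14:00 host sshd[816]: Accepted password for alice from 203.0.113.5 port 51001 ssh2
""".splitlines()

if __name__ == "__main__":
    stats = failed_by_netblock(SAMPLE)
    for block in noisy_netblocks(stats):
        s = stats[block]
        print(block, s["attempts"], "attempts from", len(s["sources"]), "hosts")
```

A single user mistyping a password, like the one failure from 203.0.113.5 in the sample, stays below both thresholds and is not flagged.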
