by BFFF
Jul 13th, 2022

The National Cyber Security Centre (NCSC) has highlighted that Microsoft’s Security Intelligence team has uncovered “notable updates” to malware that targets Linux systems in order to install cryptomining malware.

The group behind the malware, known as the “8820 gang”, has been active since 2017. Their most recent campaign targets i686 and x86_64 Linux systems and gains initial access using remote code execution (RCE) exploits for CVE-2022-26134 (Atlassian Confluence Server) and CVE-2019-2725 (Oracle WebLogic).

Microsoft also revealed that the malware features self-propagating capabilities:

“The loader uses the IP port scanner tool “masscan” to find other SSH servers in the network, and then uses the GoLang-based SSH brute force tool “spirit” to propagate. It also scans the local disk for SSH keys to move laterally by connecting to known hosts.”

To protect against this threat, Microsoft recommends that organisations secure systems and servers, apply updates, and use good credential hygiene.
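As an added example (not from Microsoft, the NCSC or this article), the following Python audit checks the two artefacts the quoted passage says the loader looks for on disk: SSH keys and known hosts. It flags private keys stored without a passphrase and `known_hosts` entries that are not hashed; the function names, the finding labels and the 64 KiB file size limit are assumptions of this example.

```python
import base64, binascii, struct, sys
from pathlib import Path
MAGIC = b"openssh-key-v1\x00"  # start of a decoded OpenSSH-format private key

def key_is_unencrypted(text):
    """True if text is a PEM/OpenSSH private key stored without a passphrase."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or "PRIVATE KEY-----" not in lines[0]:
        return False
    if "OPENSSH" in lines[0]:
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except binascii.Error:
            return False
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return False
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] == b"none"  # ciphername
    # PKCS#8 puts ENCRYPTED in the header; legacy PEM in a Proc-Type line.
    return not ("ENCRYPTED" in lines[0] or lines[1].startswith("Proc-Type: 4,ENCRYPTED"))

def plaintext_hosts(text):
    """Hosts in known_hosts content that are not hashed (hashed start '|1|')."""
    hosts = []
    for line in text.splitlines():
        f = line.split()
        if f and f[0].startswith("@"):  # @cert-authority / @revoked marker
            f = f[1:]
        if f and not f[0].startswith(("#", "|1|")):
            hosts += f[0].split(",")
    return hosts

def audit(root):
    """Walk root and return sorted (kind, path, detail) findings."""
    out = []
    for p in Path(root).rglob("*"):
        if not p.is_file() or p.stat().st_size > 65536:
            continue
        text = p.read_text(errors="replace")
        if p.name == "known_hosts":
            if hosts := plaintext_hosts(text):
                out.append(("plaintext-known-hosts", str(p), ",".join(hosts)))
        elif key_is_unencrypted(text):
            out.append(("unencrypted-key", str(p), ""))
    return sorted(out)

if __name__ == "__main__":  # default: audit the current user's ~/.ssh
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".ssh"):
        print(*finding)
```

Keys it reports can be given a passphrase with `ssh-keygen -p -f <keyfile>`, and setting `HashKnownHosts yes` in `ssh_config` makes new `known_hosts` entries hashed.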

The NCSC has advice for organisations on updating their approach to password policies and implementing effective authentication policies.

They also have guidance available for organisations in both the public and private sectors, to help them mitigate malware infection and to explain what to do should they find themselves already infected.
