GoScanSSH malware targets default and weak passwords

Talos security researchers have spotted a new family of malware dubbed “GoScanSSH” that compromises internet-facing SSH servers. The malware targets default and weak passwords via a brute force attack on SSH systems that allow password-based SSH authentication. 

“The GoScanSSH command and control (C2) infrastructure was observed leveraging the Tor2Web proxy service in an attempt to make tracking the attacker-controlled infrastructure more difficult and resilient to takedowns,” Talos added in the blog post

Organizations should make sure that their systems are hardened, default credentials are changed prior to deploying new systems to production environments, and systems are continuously monitored for attempts to compromise them.

Using and managing strong passwords

US-CERT issued a new security advisory reminding users the importance of using and managing strong passwords. Given hackers have been long using tools at their disposal to help guess or “crack” weak passwords, this guidance can help users reduce the chances of getting their credentials stolen. 

NCCIC/US-CERT issued the following good password best practices: 

  • Use multi-factor authentication when available.
  • Use different passwords on different systems and accounts.
  • Don’t use passwords that are based on personal information that can be easily accessed or guessed.
  • Use the longest password or passphrase permissible by each password system.
  • Don’t use words that can be found in any dictionary of any language.

Additional tips are also provided to include Choosing and Protecting Passwords and Supplementing Passwords for more information.