Tags
LinuxOS Misconfig.NetworkAuthentication
ATT&CK Tactic
Initial Access (TA0001)Lateral Movement (TA0008)
ATT&CK Technique
https://attack.mitre.org/techniques/T1021/004/
Incidents
ChinaZ campaignsDiicot Campaign Targeting Linux Environments
Last edited
Jan 2, 2024 1:04 PM
Status
Featured
Defenses
Proxy
SSH (Secure Socket Shell) is commonly utilized as a remote access method for Linux servers. If an local user is misconfigured to use an empty or weak password, it could be compromised by threat actors performing a brute-force or password spraying attack against an organization’s IP range. To mitigate against this technique, local users should use strong passwords, and firewall rules should be configured to prevent public exposure of the server, limiting access to trusted IP ranges (such as the organization’s own IP range or a VPN).