Tags
Linux, OS Misconfig., Network, Authentication
ATT&CK Tactic
Initial Access (TA0001), Lateral Movement (TA0008)
ATT&CK Technique
Incidents
Last edited
Jan 2, 2024 1:04 PM
Status
Featured
Defenses
SSH (Secure Socket Shell) is commonly used for remote access to Linux servers. If a local user is misconfigured with an empty or weak password, the account can be compromised by threat actors running a brute-force or password-spraying attack against an organization’s IP range. To mitigate this technique, local users should use strong passwords, and firewall rules should prevent public exposure of the server by limiting access to trusted IP ranges (such as the organization’s own IP range or a VPN).
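
A defender can check a host for the empty-password condition described above. The following is an added example, not part of the original entry: it reads the global section of an `sshd_config` and an `/etc/shadow` listing, both supplied here as constructed sample text, and reports accounts with no password and whether sshd would accept them. The function names are hypothetical, and `Match` blocks and `Include` files are assumed to be out of scope.

```python
# Constructed sample inputs (not taken from a real host).
SAMPLE_SSHD_CONFIG = """\
PasswordAuthentication yes
PermitEmptyPasswords yes
# sshd keeps the first value it reads, so the next line has no effect
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication no
"""
SAMPLE_SHADOW = """\
root:!:19700:0:99999:7:::
deploy::19700:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19700:0:99999:7:::
"""
# OpenSSH defaults for the two directives checked here.
DEFAULTS = {"passwordauthentication": "yes", "permitemptypasswords": "no"}

def effective_global_settings(config_text):
    """Global sshd_config settings; the first occurrence of a keyword wins."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # Match blocks (conditional overrides) are not evaluated
        if len(parts) > 1:
            settings.setdefault(keyword, parts[1].lower())
    return settings

def empty_password_users(shadow_text):
    """Accounts whose shadow password field is empty (no password needed)."""
    rows = (line.split(":") for line in shadow_text.splitlines())
    return [f[0] for f in rows if len(f) >= 2 and f[0] and f[1] == ""]

def audit(config_text, shadow_text):
    cfg = {**DEFAULTS, **effective_global_settings(config_text)}
    passwords_on = cfg["passwordauthentication"] == "yes"
    accepts_empty = passwords_on and cfg["permitemptypasswords"] == "yes"
    findings = []
    if passwords_on:
        findings.append("sshd: password authentication enabled")
    for user in empty_password_users(shadow_text):
        findings.append(f"{user}: empty password" + (" (accepted over SSH)" if accepts_empty else ""))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SSHD_CONFIG, SAMPLE_SHADOW)))
```

On a live host, `sshd -T` prints the effective configuration, including included files, and its output can be passed to `audit` in place of the raw file.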