Hackers Are Now Scanning For SSH Keys To Exploit

As many of you know, servers running SSH are under constant siege by hackers and botnets, but how are attackers getting into these servers?  Servers are typically broken with brute-force password attacks because this is easy when people use passwords like "1234" and "changeMe", but do attackers do when SSH keys are used as credentials instead of passwords?  We at SSH Communications Security are well aware of other attack vectors such as SSH keys.  The recent SSH key scanning attacks on websites reported by Wordfence are yet another high profile example, but I like to know as much about my advisory as possible.  For this reason, I worked on a honeypot project with Marist college to learn more about how hackers exploit poor SSH management.  The activity surrounding what passwords are being used by attackers and where the attackers are based is interesting, but we wanted to learn more about what attackers are doing with SSH keys.  I will talk about the results of this project later, but recent activity reported by webservers has proven attackers...
Read more

Equifax Learns a $Billion Lesson

On Thursday, September 7th Equifax, one of the three major consumer credit reporting agencies, announced that hackers gained access to company data that impacts 143 million customers.  The compromised information includes Social Security numbers and driver’s license numbers.  Days after the breach was announced, Equifax’s stock was down more than 12%.  This is more than a billion dollars in lost shareholder value.
Read more