Microsoft sounds the alarm over new wave of attacks on Windows, Linux servers


Sysrv botnet operators are exploiting vulnerabilities in WordPress and the Spring Framework to launch attacks against Linux and Windows servers, Microsoft has warned.

In a Twitter thread, researchers from the Microsoft Security Intelligence team explained that a new variant of the botnet, dubbed Sysrv-K, is being used to deploy cryptominers and other malware on targeted systems.

The exploit relies on a chain of vulnerabilities (including CVE-2022-22947) that have already been patched but are still present on systems that have yet to be updated.

New Botnet Capabilities

The recent wave of attacks has been made possible by new features introduced in the Sysrv botnet that help it actively track down vulnerable servers and eliminate any competing malware present on a target system.

Once inside, Sysrv-K also spreads across a network using a combination of stolen credentials and brute-force or password-stuffing attacks, says Microsoft.

“Like older variants, Sysrv-K searches for SSH keys, IP addresses, and hostnames, then attempts to connect to other systems on the network via SSH to deploy copies of itself. This could put the rest of the network at risk of becoming part of the Sysrv-K botnet,” the threat intelligence team explained.

“A new behavior observed in Sysrv-K is that it looks for WordPress configuration files and their backups to retrieve database credentials, which it uses to take control of the web server.”
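As an added example (not code from the article or from Microsoft), the following audit walks a web root for the kind of wp-config.php copies described above: it flags backup copies, which a web server serves as plain text rather than executing, and live wp-config.php files readable by group or others. The list of backup suffixes and the sample tree are assumptions; the article names no specific filenames.

```python
"""Audit a web root for wp-config.php copies that a credential-harvesting bot could read."""
import stat
import sys
import tempfile
from pathlib import Path

# Assumed list of backup-style names; the article only says Sysrv-K looks for
# WordPress config files and their backups, without naming specific suffixes.
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".txt", "~")


def is_wp_config_copy(name: str) -> bool:
    """True for wp-config.php itself or any backup-style copy of it."""
    return name == "wp-config.php" or (
        name.startswith("wp-config.php") and name.endswith(BACKUP_SUFFIXES)
    )


def audit_webroot(root) -> list:
    """Return sorted (relative_path, finding) pairs for risky wp-config files.

    A backup copy is flagged regardless of permissions: PHP does not execute a
    .bak/.txt file, so the server hands out the database credentials verbatim.
    The live wp-config.php is flagged only when group- or world-readable.
    """
    root = Path(root)
    findings = []
    for path in root.rglob("wp-config.php*"):
        if not path.is_file() or not is_wp_config_copy(path.name):
            continue
        mode = path.stat().st_mode
        rel = str(path.relative_to(root))
        if path.name != "wp-config.php":
            findings.append((rel, "backup copy of wp-config.php in web root"))
        elif mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((rel, f"wp-config.php readable by group/others ({oct(mode & 0o777)})"))
    return sorted(findings)


def build_sample_webroot() -> str:
    """Create a constructed sample tree (placeholder data, not a real site)."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    site, old = Path(root, "site"), Path(root, "old-site")
    site.mkdir(); old.mkdir()
    for target, mode in ((site / "wp-config.php", 0o600),        # locked down
                         (site / "wp-config.php.bak", 0o644),    # served as text
                         (old / "wp-config.php", 0o644)):        # world-readable
        target.write_text("<?php define('DB_PASSWORD', 'sample-placeholder');")
        target.chmod(mode)
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_webroot()
    for rel_path, finding in audit_webroot(target):
        print(f"{rel_path}: {finding}")
```

Run it with a real document root as the first argument; without one it audits the constructed sample tree.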

The best way to protect against attacks launched via the Sysrv botnet is to establish a patch management policy that allows vulnerable systems to be updated as quickly as possible and ensures that strong account credentials and two-factor authentication are in place at all levels.


“We urge organizations to secure systems accessible over the Internet, including timely application of security updates and building credential hygiene,” Microsoft wrote, before taking the opportunity to plug its own endpoint protection software, which is said to protect against all variants of Sysrv.
