GoScanSSH targets public facing SSH servers but avoids government systems
   Â
Researchers have found a new malware family, named GoScanSSH, that targets public facing SSH servers, but avoids those linked to government and military IP addresses. The malware has been around since June 2017 and has a number of unique characteristics. The malware has been written in the Go ( Golang ) programming language, avoids military targets and modifies its binaries for each target.
   Â
   Â
Researchers have identified 70 different samples associated with GoScanSSH family of malware. Each sample used custom compiled binaries to target platforms ranging from x86, x86_64, ARM to MIPS64 processor families. Once infected, the malware runs benchmarking tests to determine how powerful the server is by running a number of hash computations at fixed intervals. Once the speeds are determined, data is transmitted between the infected host and the attacker's C2 Server via the Tor2Web proxy service. Experts believe that the main function of the GoScanSSH malware is to identify additional vulnerable SSH servers.
   Â
These attacks demonstrate how servers exposed to the internet are at constant risk of attacks by hackers. Organizations should ensure that their systems are hardened before exposing them to the outside. Here are some ways to harden your servers and devices from being compromised. First thing that should be done is to remove or change the default passwords. If possible, don't use common usernames such as admin, guest or user. Using long passwords and changing them frequently will also help prevent your systems from being compromised. Another recommendation is to use a different port to access your SSH servers. Walden System's Rita Internet Traffic Appliance has the capability to forward ports to a different port number to help mask your SSH server from the outside.