Attackers are mass-scanning websites for directories holding SSH private keys

Attackers are mass-scanning websites for directories holding SSH private keys so they can hack into websites with any unintentionally exposed credentials.

SSH (Secure Socket Shell) is a program created to allow users to log into another computer over a network, to execute commands on that computer and to move files to and from that computer.

SSH authentication can rely on login credentials (username and password) or on key-based authentication. With the key-based method, users generate an encryption key pair: a public key and a private key. The public key is stored on the server that users want to connect to. The private key is stored by the users in a local SSH configuration directory on the server.

According to Wordfence:
“In the past 24 hours, we have seen a new attacker start mass-scanning websites for private SSH keys,”
“If your private SSH key ever gets out, anyone can use it to sign in to a server where you have set up key-based authentication. It is very important to keep your private key safe.”

Cybercriminals are mass-scanning the web for directories whose names contain terms, or combinations of terms, such as “root,” “ssh,” or “id_rsa.”

Server administrators are advised to check that they have not unintentionally uploaded their SSH private key to their public servers.
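One way to run that check is the audit below. It is an added example, not code from Wordfence or from this article. It walks a web root and reports files that contain a private-key header or whose path contains one of the terms named above. The function names, the `.pub` exclusion and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# PEM armor line that opens a private key (OpenSSH, RSA, DSA, EC, PKCS#8).
KEY_HEADER = re.compile(
    rb"-----BEGIN (?:OPENSSH |RSA |DSA |EC |ENCRYPTED )?PRIVATE KEY-----"
)
# Path terms the article says scanners probe for.
SUSPECT_TERMS = ("root", "ssh", "id_rsa")


def find_exposed_keys(web_root, head_bytes=4096):
    """Return sorted (relative_path, reason) pairs for risky files under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root)
            try:
                with open(full, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                continue  # unreadable file: skip it, do not abort the audit
            if KEY_HEADER.search(head):
                findings.append((rel, "private key content"))
            elif not name.endswith(".pub") and any(
                    term in rel.lower() for term in SUSPECT_TERMS):
                # Public keys (*.pub) are excluded: they are not secret.
                findings.append((rel, "suspicious path name"))
    return sorted(findings)


def demo():
    """Audit a constructed web root (all file contents are placeholders)."""
    samples = {
        "index.html": b"<html></html>",
        ".ssh/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED\n",
        ".ssh/id_rsa.pub": b"ssh-rsa CONSTRUCTED user@host\n",
        "backup/deploy.pem": b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return find_exposed_keys(root)
```

Call `find_exposed_keys()` with the document root of each site. Any key it reports should be treated as compromised, removed from the web root and replaced with a new key pair.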
