Attackers are mass-scanning websites for directories holding SSH private keys

Attackers are mass-scanning websites for directories holding SSH private keys so they can break into sites using any credentials that were unintentionally exposed.

SSH (Secure Socket Shell) is a program created to allow users to log into another computer over a network, to execute commands on that computer and to move files to and from that computer.

SSH authentication can rely on login credentials (username and password) or on key-based authentication. With the key-based method, users generate a key pair: a public key and a private key. The public key is stored on the server that users want to connect to. The private key is stored by the users in a local SSH configuration directory on the server.

According to Wordfence:
“In the past 24 hours, we have seen a new attacker start mass-scanning websites for private SSH keys,”
“If your private SSH key ever gets out, anyone can use it to sign in to a server where you have set up key-based authentication. It is very important to keep your private key safe.”

Cybercriminals are mass-scanning the web for directories whose names contain words, or combinations of words, such as “root,” “ssh,” or “id_rsa.”

Server administrators are advised to check that they have not unintentionally uploaded their SSH private keys to their public servers.
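One way to run that check, as an added example (not code from Wordfence or the original article): a Python script that walks a web document root and reports files whose content or name looks like an SSH private key. The function name and the `/var/www/html` default are assumptions; pass your own document root as the first argument.

```python
import os
import re
import sys

# PEM-style private key headers (RSA, DSA, EC, OPENSSH, PKCS#8) and PuTTY .ppk files.
KEY_HEADER = re.compile(
    rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----|PuTTY-User-Key-File-\d+:"
)
# Default OpenSSH private key file names; the matching .pub files are not secret.
KEY_NAME = re.compile(r"^id_(rsa|dsa|ecdsa|ed25519)$")


def find_exposed_keys(webroot, head_bytes=4096):
    """Return sorted (relative_path, reason) pairs for files under webroot
    that look like SSH private keys, judged by content first, then by name."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip FIFOs, sockets, broken symlinks
                continue
            rel = os.path.relpath(path, webroot)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                findings.append((rel, "unreadable, check manually"))
                continue
            if KEY_HEADER.search(head):
                findings.append((rel, "private key header in content"))
            elif KEY_NAME.match(name):
                findings.append((rel, "private key file name"))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed default document root; pass the real one as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html"
    hits = find_exposed_keys(root)
    for rel, reason in hits:
        print(f"{rel}: {reason}")
    sys.exit(1 if hits else 0)
```

Any key this reports should be treated as compromised: remove it from the web root, generate a new key pair, and delete the old public key from every `authorized_keys` file that trusts it.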
