Microsoft sounds the alarm over new wave of attacks on Windows, Linux servers
Unpatched Windows and Linux servers face new cryptomining attacks
The operators of the Sysrv botnet are abusing vulnerabilities in WordPress and the Spring Framework to launch attacks against Linux and Windows servers, Microsoft has warned.
In a Twitter thread, researchers from the Microsoft Security Intelligence team explained that a new variant of the botnet, dubbed Sysrv-K, is being used to deploy cryptominers and other malware onto target systems.
The exploit relies on a chain of vulnerabilities (including CVE-2022-22947 and CVE-2022-22947) that have already been fixed, but are still present in systems that have not yet been updated.
New botnet capabilities
The recent spate of attacks has been made possible by new facilities introduced to the Sysrv botnet that help actively hunt down vulnerable servers and kill off any competing malware present on a target system.
Once inside, Sysrv-K also spreads itself throughout a network using a combination of stolen credentials and brute-force password stuffing attacks, Microsoft says.
“Like older variants, Sysrv-K scans for SSH keys, IP addresses, and host names, and then attempts to connect to other systems in the network via SSH to deploy copies of itself. This could put the rest of the network at risk of becoming part of the Sysrv-K botnet,” explained the threat intelligence team.
“A new behavior observed in Sysrv-K is that it scans for WordPress configuration files and their backups to retrieve database credentials, which it uses to gain control of the web server.”
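Stray copies of wp-config.php are the files the quoted behaviour harvests, so a defender can audit for them before the botnet does. The script below is an added example, not code from Microsoft's advisory: it walks a web root, flags backup copies of the config (wp-config.php.bak, wp-config.php~, editor swap files) and any live config readable by other local users, and reports whether each still carries DB_USER/DB_PASSWORD defines; the backup suffix list and the constructed sample tree are assumptions.

```python
"""Audit a WordPress web root for wp-config.php backups that leak DB credentials.
Added example (not from Microsoft's advisory); the suffix list is an assumption."""
import os
import re
import stat
import tempfile

BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", ".txt", "~", ".1")
# Matches define('DB_PASSWORD', ...) or define("DB_USER", ...) with any spacing.
CRED_RE = re.compile(r"define\(\s*['\"]DB_(PASSWORD|USER)['\"]", re.IGNORECASE)

def is_config_backup(name: str) -> bool:
    """True for stray copies (wp-config.php.bak, wp-config.php~, .wp-config.php.swp)."""
    lower = name.lower().lstrip(".")  # editor swap files start with a dot
    if not lower.startswith("wp-config") or lower == "wp-config.php":
        return False  # not a config, or the live file (checked for permissions instead)
    return lower.endswith(BACKUP_SUFFIXES) or not lower.endswith(".php")

def audit_webroot(root: str) -> list:
    """One finding per backup copy, plus any live config readable by other local users."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            live = name.lower() == "wp-config.php"
            backup = is_config_backup(name)
            if not (live or backup):
                continue
            path = os.path.join(dirpath, name)
            world_readable = bool(os.stat(path).st_mode & stat.S_IROTH)
            with open(path, "r", errors="replace") as fh:
                has_creds = CRED_RE.search(fh.read()) is not None
            if backup or world_readable:
                findings.append({"path": path, "backup": backup,
                                 "world_readable": world_readable, "has_creds": has_creds})
    return findings

def build_sample_webroot() -> str:
    """Constructed sample tree: locked-down live config, leaky backup, benign sample file."""
    root = tempfile.mkdtemp()
    samples = {  # name: (contents, mode); wp-config-sample.php ships with WordPress
        "wp-config.php": ("<?php\ndefine('DB_PASSWORD', 'constructed');\n", 0o600),
        "wp-config.php.bak": ("<?php\ndefine( 'DB_PASSWORD', 'constructed' );\n", 0o644),
        "wp-config-sample.php": ("<?php\ndefine('DB_PASSWORD', 'password_here');\n", 0o644),
    }
    for name, (body, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return root
```

On the constructed tree, only wp-config.php.bak is reported (backup, world-readable, credentials present); the 0600 live config and the stock sample file pass. A finding should be followed by deleting the copy and confirming the web server refuses to serve wp-config* patterns, since a backup that is unreadable locally can still be fetched over HTTP.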
The best way to shield against attacks launched via the Sysrv botnet is to establish an effective patch management policy that allows for vulnerable systems to be updated as swiftly as possible, and to ensure strong account credentials and two-factor authentication are in place across the board.
“We highly recommend organizations to secure internet-facing systems, including timely application of security updates and building credential hygiene,” wrote Microsoft, before seizing the opportunity to plug its own endpoint protection software, which is said to shield against all Sysrv variants.
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.