AhnLab Security Emergency response Center (ASEC) has reported that poorly managed Linux SSH servers are being targeted by a new campaign, deploying different variants of a DDoS Bot malware called ShellBot, also known as PerlBot. This malware is developed in Perl and uses IRC protocol to communicate with the C&C server. The malware is installed on servers with weak credentials, and to breach the server, a dictionary attack is initiated using a list of known SSH credentials. After installation, ShellBot can receive commands to carry out DDoS attacks and exfiltrate harvested information. ASEC has identified three different ShellBot versions, offering a variety of DDoS attack commands using HTTP, TCP, and UDP protocols. This campaign follows previous attacks aimed at Linux servers, distributing cryptocurrency miners via a shell script compiler. Microsoft has also revealed a gradual increase in DDoS attacks on healthcare organizations hosted in Azure. ASEC has issued a warning that if ShellBot is installed, Linux servers could be used as DDoS Bots, and the threat actor could use various backdoor features to launch different types of attacks from the compromised server.
Source: AhnLab Security Emergency response Center (ASEC)
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.