Care to dance? Chalubo (aka ChaCha-Lua-bot), a new Distributed Denial of Service (DDoS) botnet discovered by SophosLabs, is in the wild and targeting a large global subset of Linux servers. Specifically, Chalubo is attacking poorly secured Linux servers running SSH (Secure Shell) for remote administration. This has generated a lot of press interest because SSH servers also manage many IoT devices. But it’s not just IoT; it’s business servers as well. MSPs need to be aware of this new threat and pass on the right guidance to their customers to help protect them.
As with most drive-by attacks like this, the bad guys are looking for the easiest way in; hence, they’re targeting SSH servers that aren’t tightly secured. What does this mean? You guessed it. It reinforces the need for good cyberhygiene. As always, we recommend businesses pay attention to the basics like monitoring, patching, antimalware, secure configurations, and using best practices for strong and secure passwords. Beyond that, SSH provides a secure connection that can authenticate either with a user name and password or with a public/private key pair, in which case access to the private key on the local machine is required. Therefore, to help ensure stronger SSH security, it’s recommended to use key pair authentication to add another level of protection.
The challenge with good hygiene is that it can seem “dull” and “boring” but it’s critical and the foundation of a solid, layered security approach. As we’ve seen again and again with these types of attacks, if you don’t do it, you may get hit. It’s as simple as that. There is not some shiny new toy or flashy tool that will help you do this; it just boils down to simple, hard work—and hard work that needs to be done. However, done properly, good hygiene can create a big barrier between companies and their potential adversaries.
Good cyberhygiene is about the basics: performing them right, doing them regularly, and continuing to demonstrate to the customer that you’re doing them. Companies need to ensure that they have the right systems in place and, where possible, automate the repetitive tasks to help ensure things don’t get missed. Ultimately, it’s important to remember that if you leave the front door open, all the fancy security stuff you have in place isn’t going to do much good. To better protect against DDoS botnets like Chalubo, you need to pay attention to doing all you can to keep the front of the house protected.
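One way to automate the key pair recommendation above is to audit each server's `sshd_config` for password-based logins. The following is an added example, not code from SolarWinds MSP or SophosLabs; the function names and sample configurations are constructed. It assumes OpenSSH parsing rules (first value for a keyword wins, `Match` blocks can override), does not follow `Include` files, and also checks keyboard-interactive authentication, which the article does not mention.

```python
import re

# Added example: flags sshd_config settings that still allow password logins.
# Assumes OpenSSH defaults; keywords are case-insensitive; Include not followed.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")

def parse(text):
    """Return (global settings, [(match criteria, settings), ...])."""
    global_cfg, matches = {}, []
    target = global_cfg
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        args = (parts[1].split() if len(parts) > 1 else []) or [""]
        if key == "match":
            target = {}  # settings until the next Match belong to this block
            matches.append((" ".join(args), target))
        else:
            target.setdefault(key, args[0])  # first value obtained wins
    return global_cfg, matches

def audit(text):
    """Return findings; an empty list means only key pair logins remain."""
    global_cfg, matches = parse(text)
    eff = {**DEFAULTS, **global_cfg}
    findings = [f"global: {k} is '{eff[k]}'" for k in PASSWORD_KEYS if eff[k] != "no"]
    if eff["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is disabled")
    for criteria, cfg in matches:
        findings += [f"Match {criteria}: {k} is 'yes'"
                     for k in PASSWORD_KEYS if cfg.get(k) == "yes"]
    return findings

# Constructed sample configurations.
WEAK = """\
PasswordAuthentication yes
# appended later; has no effect because the first value wins
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
```

On a live host, feed `audit()` the contents of `/etc/ssh/sshd_config` and treat any finding as a reason to review the server before it faces the internet.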
Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.
© 2018 SolarWinds MSP UK Ltd. All rights reserved.