Exploited SSH Servers Offered in the Dark web as Proxy Pools
Researchers at Aqua Nautilus have uncovered a threat to SSH in cloud environments. Attackers are using SSH tunneling to exploit SSH servers and gain access to organizations' networks. These attacks have various implications, including spam dissemination, intelligence collection, and fraudulent activities. The researchers have observed brute force attacks and post-exploitation lateral movement as the primary initial access vectors. To protect against these attacks, organizations are advised to implement strong SSH security practices, monitor network traffic, and educate users about email security. Aqua's cloud-native application protection platform (CNAPP) can help detect and mitigate these threats.