#ServerProtection

LINUXexpert.org (linuxexpert)
2024-07-23
🛡 H3lium@infosec.exchange/:~# (H3liumb0y@infosec.exchange)
2023-09-14

"🔍 Scarabs Target Vulnerable Servers with Spacecolon Toolset 🐞"

Analysis reveals Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers. The operators, known as CosmicBeetle, are on the move. Stay vigilant and ensure your servers are patched! 🛡️

Key Points:

Spacecolon Toolset: ESET researchers have analyzed Spacecolon, a toolset used to deploy variants of the Scarab ransomware to victims globally. The toolset likely infiltrates victim organizations by compromising vulnerable web servers or brute forcing RDP credentials. Some builds of Spacecolon contain Turkish strings, suggesting a Turkish-speaking developer. The origins of Spacecolon trace back to May 2020, with ongoing campaigns observed as of the article's writing.

CosmicBeetle Operators: The operators of Spacecolon, referred to as CosmicBeetle, have not been attributed to any known threat actor group. They utilize three main Delphi components: ScHackTool (main orchestrator), ScInstaller (installs ScService), and ScService (acts as a backdoor). These components allow CosmicBeetle to execute commands, download payloads, and retrieve system information from compromised machines.

Third-Party Tools: Spacecolon operators heavily rely on a variety of third-party tools, both legitimate and malicious. A new ransomware family, referred to as ScRansom, is believed to be developed by the same individual behind Spacecolon. This assessment is based on similarities in code strings, the use of the IPWorks library, and GUI resemblance.

Victimology: CosmicBeetle does not have a clear target, with victims spread worldwide. Spacecolon can function as a RAT or deploy ransomware. The researchers observed the potential preparation for the distribution of a new ransomware named ScRansom.

Attack Scenario: The typical attack scenario involves CosmicBeetle compromising a vulnerable web server or brute forcing RDP credentials, deploying ScHackTool, using third-party tools to disable security products and extract information, and potentially deploying the Scarab ransomware.

Scarab Ransomware: The final payload deployed by CosmicBeetle is a variant of the Scarab ransomware. This ransomware variant also deploys a ClipBanker, which monitors clipboard content and replaces cryptocurrency wallet addresses with attacker-controlled ones.

Technical Analysis: The article provides a deep technical analysis of the Spacecolon components and the Scarab ransomware. ScHackTool, the main component of Spacecolon, uses a GUI for its operations and has functionalities to download and execute additional tools from its C&C server.

Source: We Live Security

Tags: #Ransomware #Scarab #Spacecolon #CyberSecurity #ServerProtection 🚀🔐
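The attack scenario summarized above opens with brute-forced RDP credentials. The following detection logic is an added example, not code from the post or from ESET's report: it scans constructed Windows Security records (EventID 4625/4624, LogonType 10 for RDP) for a burst of failed RDP logons from one source inside a sliding time window, and raises the severity when a successful RDP logon from the same source follows the burst, which is the pattern a defender would want to catch before a toolset such as Spacecolon is deployed. The pipe-delimited record format, the sample IPs and usernames, and the thresholds are all assumptions made for the example.

```python
"""Flag RDP credential brute forcing in Windows Security log records.

Assumed, simplified record format (constructed for this example, not from the
ESET report): timestamp|EventID|LogonType|SourceIP|TargetUser
  4625 = An account failed to log on, 4624 = An account was successfully logged on,
  LogonType 10 = RemoteInteractive (RDP / Terminal Services).
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10

# Constructed sample log: a fast burst from 10.0.0.5 followed by a success, a user
# mistyping a password twice from 192.168.1.20, slow failures from 10.0.0.9 spread
# over 40 minutes, and one non-RDP (network, type 3) failure that the rule ignores.
SAMPLE_LOG = """\
2024-07-23T10:00:01|4625|10|10.0.0.5|administrator
2024-07-23T10:00:03|4625|10|10.0.0.5|admin
2024-07-23T10:00:04|4625|10|10.0.0.5|backup
2024-07-23T10:00:06|4625|10|10.0.0.5|sql
2024-07-23T10:00:07|4625|10|10.0.0.5|test
2024-07-23T10:00:09|4625|10|10.0.0.5|administrator
2024-07-23T10:01:30|4624|10|10.0.0.5|administrator
2024-07-23T10:02:00|4625|10|192.168.1.20|jsmith
2024-07-23T10:02:10|4625|10|192.168.1.20|jsmith
2024-07-23T10:02:20|4624|10|192.168.1.20|jsmith
2024-07-23T10:00:00|4625|10|10.0.0.9|admin
2024-07-23T10:10:00|4625|10|10.0.0.9|admin
2024-07-23T10:20:00|4625|10|10.0.0.9|admin
2024-07-23T10:30:00|4625|10|10.0.0.9|admin
2024-07-23T10:40:00|4625|10|10.0.0.9|admin
2024-07-23T10:05:00|4625|3|10.0.0.7|svc
"""


def parse_log(text):
    """Parse the pipe-delimited records into dicts with a datetime timestamp."""
    records = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, src_ip, user = line.split("|")
        records.append({"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
                        "logon_type": int(logon_type), "src_ip": src_ip, "user": user})
    return records


def detect_rdp_bruteforce(records, threshold=5, window_minutes=5):
    """Return {source_ip: details} for every source that produced `threshold` or
    more RDP logon failures inside any sliding window of `window_minutes`, and
    note whether an RDP success from the same source followed the burst."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for r in records:
        if r["logon_type"] == RDP_LOGON_TYPE:      # only RDP logons matter here
            by_ip[r["src_ip"]].append(r)

    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda r: r["ts"])
        failures = [e for e in events if e["event_id"] == FAILED_LOGON]
        burst_at = None
        start = 0
        for end, fail in enumerate(failures):
            # Slide the window start forward until it spans at most `window`.
            while fail["ts"] - failures[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_at = fail["ts"]              # moment the threshold was crossed
                break
        if burst_at is None:
            continue
        # A successful RDP logon after the burst suggests the guessing worked.
        success_after = any(e["event_id"] == SUCCESS_LOGON and e["ts"] >= burst_at
                            for e in events)
        alerts[ip] = {
            "failures": len(failures),
            "distinct_users": sorted({e["user"] for e in failures}),
            "burst_at": burst_at.isoformat(),
            "success_after_burst": success_after,
        }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(parse_log(SAMPLE_LOG)).items():
        severity = "HIGH (logon succeeded after burst)" if info["success_after_burst"] else "MEDIUM"
        print(f"{ip}: {info['failures']} RDP failures, users={info['distinct_users']}, {severity}")
```

With the defaults only 10.0.0.5 is flagged, and at HIGH severity because the 4624 follows the burst; the slow guesses from 10.0.0.9 only surface when the window is widened (for example to 60 minutes), which is the trade-off to tune against a real environment's baseline of mistyped passwords.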
