Microsoft sounds the alarm over new wave of attacks on Windows, Linux servers


The operators of the Sysrv botnet are abusing vulnerabilities in WordPress and the Spring Framework to launch attacks against Linux and Windows servers, Microsoft has warned.

In a Twitter thread, researchers from the Microsoft Security Intelligence team explained that a new variant of the botnet, dubbed Sysrv-K, is being used to deploy cryptominers and other malware onto target systems.

The attacks rely on a chain of vulnerabilities (including CVE-2022-22947) that have already been fixed, but which remain present on systems that have not yet been updated.


New botnet capabilities

The recent spate of attacks has been made possible by new facilities introduced to the Sysrv botnet that help actively hunt down vulnerable servers and kill off any competing malware present on a target system.

Once inside, Sysrv-K also spreads itself throughout a network using a combination of stolen credentials and brute-force password stuffing attacks, Microsoft says.

“Like older variants, Sysrv-K scans for SSH keys, IP addresses, and host names, and then attempts to connect to other systems in the network via SSH to deploy copies of itself. This could put the rest of the network at risk of becoming part of the Sysrv-K botnet,” explained the threat intelligence team.

“A new behavior observed in Sysrv-K is that it scans for WordPress configuration files and their backups to retrieve database credentials, which it uses to gain control of the web server.”
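One defender-side check for the behaviour Microsoft describes above, as an added example that is not part of the article and is not Microsoft's or WordPress's own tooling: it walks a web root, flags stray copies of wp-config.php (editor backups and manual .bak/.old copies, which the PHP handler will not execute and a web server may therefore serve as plain text), reports whether each copy still carries database settings, and flags a live wp-config.php that other local users can read. The filename pattern and the finding labels are assumptions made here.

```python
import os
import re
import stat

# Names under which copies of wp-config.php get left in a web root (constructed pattern,
# not exhaustive): editor backups (wp-config.php~, .wp-config.php.swp), manual copies (.bak, .old).
WP_CONFIG_RE = re.compile(r"^\.?wp-config\.php(?:[.~_-].*)?$", re.IGNORECASE)
# The define() calls WordPress uses for its database settings.
DB_CRED_RE = re.compile(r"""define\s*\(\s*['"]DB_(?:NAME|USER|PASSWORD|HOST)['"]""")

def classify(name, mode):
    """Return a finding label for one directory entry, or None if it is not of interest.

    The live wp-config.php is a finding only when other local users can read it. Any
    other matching name is a copy the PHP handler will not execute, so a web server
    that serves it at all returns the raw source, database credentials included.
    """
    if not WP_CONFIG_RE.match(name):
        return None
    world_readable = bool(mode & stat.S_IROTH)
    if name.lower() == "wp-config.php":
        return "live-config-world-readable" if world_readable else None
    return "backup-copy-world-readable" if world_readable else "backup-copy"

def has_db_credentials(text):
    """True if the text carries WordPress database settings."""
    return DB_CRED_RE.search(text) is not None

def audit_webroot(root):
    """Walk a web root and list config copies and over-permissive live configs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets and other non-regular entries
            label = classify(name, st.st_mode)
            if label is None:
                continue
            try:
                with open(path, "r", errors="replace") as fh:
                    creds = has_db_credentials(fh.read(65536))
            except OSError:
                creds = False  # unreadable to this user; still report the name
            findings.append({"path": path, "finding": label, "has_db_credentials": creds})
    return findings
```

Run `audit_webroot("/var/www/html")` (or whatever the site's document root is) from the web server host; every "backup-copy" finding is a file to delete or move outside the served tree, and a "live-config-world-readable" finding calls for tightening the file mode.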

The best way to shield against attacks launched via the Sysrv botnet is to establish an effective patch management policy that allows for vulnerable systems to be updated as swiftly as possible, and to ensure strong account credentials and two-factor authentication are in place across the board.

“We highly recommend organizations to secure internet-facing systems, including timely application of security updates and building credential hygiene,” wrote Microsoft, before seizing the opportunity to plug its own endpoint protection software, which is said to shield against all Sysrv variants.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
