SSH-Snake tool to attack networks

Feb 23 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that teaches you the five Ds of cyber-Dodgeball: Dodge, duck, dip, dive and… dodge ????????????

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! ????????????

Check out these freshly hatched patches ????????????

You better protect ya connect ????????????????????????

ConnectWise warns IT admins to patch critical vulnerabilities in on-premise versions of ScreenConnect ????️. These flaws could let attackers execute remote code or compromise data ????.

Meanwhile, ransomware attacks persist, with PSI Software SE and a Pennsylvania county falling victim. Arctic Wolf research shows firms are more likely to face business email compromise than ransomware, stressing the importance of identity controls and patch priorities ????.

Cyber insurers seek cloud security monitoring, logging, and privileged access management for coverage ????. Colorado’s health department hack affects 4.6 million, and phishing attacks target Microsoft 365 users for login credentials ????. Redis users face new crypto mining malware threat, while the EU probes TikTok’s impact on minors ????️‍♂️.

Now, on to today’s hottest cybersecurity stories:

  • ???? Hackers are weaponising open-source SSH-Snake tool to attack networks ????

  • ???? Wanted. Dead or Alive: Uncle Sam offers $15M bounty for Lockbit leaders ????

  • ????️ 2.4M eye doctor patients targeted by hack-attack on service firm in Arizona ????️

Hackers: “I raised you, and loved you, I’ve given you weapons, taught you techniques, endowed you with knowledge.” ✊✊✊ #MetalGearSolid


???? SSH-Snake: From Open-Source Tool to Malicious Threat ????

A recently open-sourced network mapping tool called SSH-Snake has fallen into the wrong hands, repurposed by threat actors to conduct malicious activities. ????️????

Described as a “self-modifying worm,” SSH-Snake leverages SSH credentials discovered on compromised systems to spread itself throughout networks. ????

Initially released on GitHub in early January 2024, SSH-Snake is designed to automatically search for SSH private keys on systems and create a comprehensive map of network dependencies. It supports domain resolution and is completely fileless, making it difficult to detect. ????️????

While SSH keys are recommended for secure authentication, threat actors have exploited this practice to spread SSH-Snake more effectively across networks once they gain a foothold. ????????

Despite being used in real-world attacks to harvest credentials and IP addresses, the developer of SSH-Snake, Joshua Rogers, emphasises its legitimate use for identifying infrastructure weaknesses. He urges companies to proactively use SSH-Snake to discover and fix vulnerabilities before attackers exploit them. ????️????

However, Rogers also criticises negligent operations by companies that fail to design and implement secure infrastructure, leaving them vulnerable to exploitation by simple scripts like SSH-Snake. He advocates for comprehensive security measures and total re-architecture of systems by trained specialists to minimise the fallout from such attacks. ????????️

In a related development, Aqua uncovered a new botnet campaign named Lucifer, exploiting misconfigurations and existing flaws in Apache Hadoop and Apache Druid for cryptocurrency mining and DDoS attacks. This highlights the ongoing challenges posed by cyber threats targeting widely used open-source solutions. ????????

Where’s Dog the Bounty Hunter when you need him? ????????????

???? U.S. Offers $15 Million Reward to Disrupt LockBit Ransomware Gang ????

The U.S. State Department has announced rewards of up to $15 million for information leading to the identification and arrest of key leaders within the LockBit ransomware group. ????️‍♂️????

LockBit has been responsible for over 2,000 attacks worldwide since January 2020, resulting in costly disruptions and ransom payments exceeding $144 million. The recent law enforcement operation led by the U.K. National Crime Agency disrupted LockBit, a Russia-linked ransomware gang active for over four years. ????????

Ransomware-as-a-service (RaaS) operations like LockBit extort companies by stealing sensitive data and encrypting systems, operating outside Western law enforcement’s jurisdiction. LockBit’s affiliates carry out attacks using the group’s malicious software and infrastructure, with initial access brokers facilitating their entry. ????????

Despite being the most prolific ransomware group since mid-2022, LockBit faced disruption due to law enforcement actions, leading to arrests, server seizures, and the recovery of decryption keys. However, the fluid nature of RaaS brands allows them to regroup and resurface under different names. ????????

While comprehensive degradation of LockBit’s infrastructure may temporarily disrupt their operations, continued collaboration and vigilance are necessary to combat ransomware threats effectively. ????????

???? Catch of the Day!! ????????????


Get access to the info


Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Eye see what you’re up to ????

???? Health Data Breach Alert: 2.4 Million Patients Affected ????

Medical Management Resource Group (MMRG), operating as American Vision Partners, suffered a hacking incident potentially impacting 2.4 million patients. The breach involved unauthorised access to network servers and compromised sensitive patient information, including names, birthdates, medical records, and in some cases, Social Security numbers and insurance details.

MMRG detected the breach on November 14 and promptly took containment measures, engaging external cybersecurity firms and notifying law enforcement. Despite these actions, patient data was accessed by the unauthorised party.

Affected individuals are advised to monitor their credit reports and account statements closely. MMRG is offering two years of complimentary identity and credit monitoring to affected patients.

The incident underscores the risks posed by third-party vendors in the healthcare sector, with business associates accounting for nearly 40% of major breaches in 2023. Healthcare organisations are urged to assess vendor risk and establish robust security controls to safeguard patient data. ????????

Have a good weekend folks and be weary of anything that smells phishy ????

????️ Extra, Extra! Read all about it! ????️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran ‘Wealthy Primate’ might be able to help you climb that tree ???????? with his stick and banana approach ????????

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter
  • ???? CACTUS ransomware exploits flaws in Qlik Sense ????

Recent articles