Threat Watch

DreamBus Botnet Runs Like a Nightmare

ZDNet reports that the botnet previously tracked as SystemdMiner has received an update and a name change. The newly tracked DreamBus botnet received substantial updates from the initial SystemdMiner botnet. The current botnet targets enterprise-level apps for Linux, such as PostgreSQL, Hadoop YARN, and the SSH service. Using a variety of methods including brute-force attacks and malicious API commands, the botnet maintains a foothold on Linux servers so that the threat group can install an open-source app that mines for Monero to generate profits for the attackers.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As these attacks occur due to improper installations and configurations of these enterprise-level apps, Binary Defense recommends ensuring some basic safety features are in place, such as changing credentials from their default state to something unique, and enabling MFA for all interfaces. Additionally, Binary Defense recommends employing a 24/7 SOC as a service, such as Binary Defense’s own Security Operations Task Force in order to catch suspicious behavior from any unauthorized logins.

For more information, please see: https://www.zdnet.com/article/dreambus-botnet-targets-enterprise-apps-running-on-linux-servers/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support