ZDNet reports that the botnet previously tracked as SystemdMiner has received an update and a name change. The newly tracked DreamBus botnet received substantial updates from the initial SystemdMiner botnet. The current botnet targets enterprise-level apps for Linux, such as PostgreSQL, Hadoop YARN, and the SSH service. Using a variety of methods including brute-force attacks and malicious API commands, the botnet maintains a foothold on Linux servers so that the threat group can install an open-source app that mines for Monero to generate profits for the attackers.
Analyst Notes
As these attacks occur due to improper installations and configurations of these enterprise-level apps, Binary Defense recommends ensuring some basic safety features are in place, such as changing credentials from their default state to something unique, and enabling MFA for all interfaces. Additionally, Binary Defense recommends employing a 24/7 SOC as a service, such as Binary Defense’s own Security Operations Task Force in order to catch suspicious behavior from any unauthorized logins.
For more information, please see: https://www.zdnet.com/article/dreambus-botnet-targets-enterprise-apps-running-on-linux-servers/
