NGINX Web Server – Exploited on Linux & Unix Versions
We are noticing a lot of malicious activities coming from servers running Nginx Servers of multiple version numbers leading up to the most recent release of 1.16. What is even more interesting is that it appears only Unix/Linux Variants that are being exploited. This has been increasing over the past couple months, however most recently we have noticed that a major security flaw must exist in this platform as we are seeing Multiple Version Numbers of this software now being exploited.
OPENSSH Server – Debian Linux / Phone Systems / Routers
We have noticed a large increase in hack attacks and botnet activity from systems running OPENSSH. So far this only has been coming from systems with Debian Linux and a couple other Linux Variants. Some of which are running on routing equipment and Phone Systems that have been exploited. These are typically more attack & hacker based issues coming from these devices. Some activities show signs of botnet signatures, however we have noticed that it appears to be more Human interaction on these compromised devices.
We will be monitoring both of these situations closely and monitor the types of traffic sent and received to honey pots around the world.