TrickBot Evolves to Go After SSH Keys

Do you use SSH keys for securing communications? If so, do you have a passphrase set for the private key? Do you rotate the keys? Lots of questions about SSH keys are thrown up when malware starts to go after them:

[…] Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, noted that SSH keys are extremely valuable for adversaries. SSH uses public-key cryptography to authenticate remote computers and allow it to authenticate the user, if necessary. There are several ways to use SSH; one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.

“Cyberattackers know that SSH keys can provide complete control over devices, and the latest TrickBot malware is especially proficient at stealing these sensitive credentials,” he said via email. “SSH keys need to be rotated frequently, and the only way to do this effectively is with automation, but many organizations, including banks, never change them… Even worse, many SSH keys never expire so they can be used to create long-term backdoors that allow attackers to gain access to networks for months or years.”

He added, “Although SSH keys are used for many kinds of privileged access, most organizations do not have security controls in place to minimize the risks connected with them. Without broader recognition of the pivotal role SSH keys can play in attacks and the implementation of security controls to protect them, organizations will remain at risk to attacks like TrickBot, and the theft of SSH keys will continue.”


Original article here
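
The questions at the top of this post (is there a passphrase on the private key, are the keys rotated) can be checked mechanically. The following is an added example, not part of the original post or the quoted article: a Python audit that flags private key files stored without a passphrase or older than a rotation window. The 90-day default and the use of file modification time as a stand-in for key age are assumptions.

```python
import base64
import os
import struct
import time

MAGIC = b"openssh-key-v1\0"


def is_encrypted(text):
    """True/False for a private key file's text; None if it is not a private key."""
    lines = [l.strip() for l in text.strip().splitlines()] or [""]
    if not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM (RSA/DSA/EC) flags encryption in a Proc-Type header.
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
    try:
        blob = base64.b64decode("".join(lines[1:-1]))
    except ValueError:
        return None
    off = len(MAGIC)
    if not blob.startswith(MAGIC) or len(blob) < off + 4:
        return None
    # openssh-key-v1 layout: magic, string ciphername, string kdfname, ...
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n] != b"none"


def audit(directory, max_age_days=90, now=None):
    """Return (path, finding) pairs; max_age_days is an assumed rotation policy."""
    now = time.time() if now is None else now
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    enc = is_encrypted(fh.read(65536))
                st = os.stat(path)
            except OSError:
                continue
            if enc is None:
                continue
            if not enc:
                findings.append((path, "no passphrase"))
            if now - st.st_mtime > max_age_days * 86400:  # mtime approximates key age
                findings.append((path, "older than %d days" % max_age_days))
    return findings
```

Calling `audit(os.path.expanduser("~/.ssh"))` returns one entry per finding; public keys, `known_hosts` and other non-key files are skipped because they do not start with a private-key PEM header.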