Unlawful Seizure of VPS Servers Transformed into Malicious Proxy Sites - Maintaining Security Measures Explained

Unlawful seizure of VPS servers for malicious proxy purposes - strategies for maintaining security

In the ever-evolving landscape of cybercrime, a new threat has emerged in the form of the SystemBC botnet. This malicious network, active since early 2019, has over 80 command-and-control servers and poses a significant risk to internet security.

The SystemBC botnet is notorious for its use in phishing, brute-force attacks, and ransomware operations. The operators of this botnet exploit servers with dozens to hundreds of unpatched vulnerabilities, making them easy targets. On average, each victim of SystemBC shows 20 unpatched Common Vulnerabilities and Exposures (CVEs).

VPS infrastructure, known for its higher bandwidth, long infection lifespans, and minimal disruption to end users, is a popular target for cybercriminals, including those behind SystemBC. In fact, nearly 80% of the compromised systems in this botnet are Virtual Private Servers (VPS).

The bots in the SystemBC botnet generate high-volume traffic and remain active for weeks even after being blacklisted. The identity of the operators behind the SystemBC botnet remains unclear from the available information.

Lumen, a global technology company, has taken a proactive stance against this threat. It has blocked all traffic to and from SystemBC-related infrastructure across its global backbone and has released indicators of compromise to aid defenders.

Infected VPS machines in the SystemBC botnet are repurposed as proxy relays for malicious traffic. This allows the botnet to maintain an average of 1,500 active bots daily. The bots continue to function as part of sprawling proxy networks, even after being blacklisted.

Criminal proxy services, such as REM Proxy or VN5Socks, are marketing these bots to other threat groups, including ransomware operators like AvosLocker and Morpheus. This interconnectedness poses a further risk, as these ransomware operators can leverage the SystemBC botnet's infrastructure for their malicious activities.

It's crucial for server administrators to prioritise patching their systems to protect against the SystemBC botnet. With at least one critical CVE found on average per victim, and one address showing over 160 unpatched vulnerabilities, the risk is significant. By staying vigilant and proactive, we can help to minimise the impact of threats like SystemBC.
