Home > Resources > Whitepapers > THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors

THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors

December 4, 2018

A little more than three years ago we started hunting for OpenSSH backdoors being used in-the-wild. While we are always trying to improve defenses against Linux malware by discovering and analyzing examples, the scope of this hunt was specifically to catch server-side OpenSSH backdoors. Unfortunately, telemetry on Linux malware is not as readily available as it is on other platforms. Nonetheless, malicious OpenSSH binaries are quite common and have features that help us detect them among legitimate OpenSSH binaries.

I'm For Real

Enter your details once to access all our information and resources

Spotlight

Ursus, Inc Talent, Services & Solutions

Ursus, Inc. is a privately held leader in providing business and technology staffing consulting services. Our professionals bring bold, fresh thinking combined with technology, business, and industry expertise to help fuel transformation and growth for our clients and their customers. We place the highest priority on understanding unique client needs first, ensuring mutual, best-fit success and integration of people, service, and solutions.

OTHER WHITEPAPERS
news image

The Trellix Approach to Effective Cloud Security

whitePaper | October 27, 2022

In many ways, the cloud1 is more secure than a traditional data center. Asset management, inventory, audit logging, two-factor access controls, connectivity redundancy and firewalls are built into the cloud provider platform. Servers are easier to patch and won’t become outdated within a few years; there aren’t any forgotten boxes sitting in a dark corner with a note reading, “DO NOT TURN OFF.” However, assets on the cloud continue to be compromised, just as those stored in traditional data centers.

Read More
news image

Systemic Cybersecurity Risk and role of the Global Community: Managing the Unmanageable

whitePaper | November 29, 2022

In February 2022, a cyberattack on commercial satellite services in Ukraine caused electricitygenerating wind farms to shut down across Central Europe. In July 2021, supermarkets in Sweden were forced to close their doors after a cyberattack on an IT services provider based in Florida, USA.

Read More
news image

Cyber Security After the Pandemic

whitePaper | April 29, 2021

The cyber security industry has faced two major sets of challenges over the last twelve months. The attacks and exploits affecting Solar Winds, Accellion, Microsoft and their customers have focused attention on supply chain risk, but the impact of the coronavirus pandemic has been felt more broadly across cyber security domains and disciplines.

Read More
news image

Autodesk® Fusion 360 Security Whitepaper

whitePaper | October 27, 2022

Autodesk® Fusion 360™ is the first 3D CAD, CAM, and CAE tool of its kind. It connects your product development process in a single cloud-based platform that works on both Mac and PC. The Fusion 360 tools enable fast and easy exploration of design ideas with a secure and integrated concept-to-fabrication toolset that extends to include web browsers and mobile devices.

Read More
news image

Upchain Security Whitepaper

whitePaper | October 26, 2022

Upchain is a cloud-based product data management and product lifecycle management software that offers benefits of PDM/PLM through web browsers, APIs, CAD and Microsoft Office plugins, while securely processing customer data in the cloud.

Read More
news image

Best Practices for Row Level Security with Entitlements Tables

whitePaper | September 16, 2022

Row Level Security (RLS) in Tableau refers to restricting the rows of data a certain user can see in a given workbook or data source at the time they view the data. It contrasts with permissions within Tableau Server (or Tableau Online), which are used to control access to content and feature functionality.

Read More

The Trellix Approach to Effective Cloud Security

whitePaper | October 27, 2022

In many ways, the cloud1 is more secure than a traditional data center. Asset management, inventory, audit logging, two-factor access controls, connectivity redundancy and firewalls are built into the cloud provider platform. Servers are easier to patch and won’t become outdated within a few years; there aren’t any forgotten boxes sitting in a dark corner with a note reading, “DO NOT TURN OFF.” However, assets on the cloud continue to be compromised, just as those stored in traditional data centers.

Read More

Systemic Cybersecurity Risk and role of the Global Community: Managing the Unmanageable

whitePaper | November 29, 2022

In February 2022, a cyberattack on commercial satellite services in Ukraine caused electricitygenerating wind farms to shut down across Central Europe. In July 2021, supermarkets in Sweden were forced to close their doors after a cyberattack on an IT services provider based in Florida, USA.

Read More

Cyber Security After the Pandemic

whitePaper | April 29, 2021

The cyber security industry has faced two major sets of challenges over the last twelve months. The attacks and exploits affecting Solar Winds, Accellion, Microsoft and their customers have focused attention on supply chain risk, but the impact of the coronavirus pandemic has been felt more broadly across cyber security domains and disciplines.

Read More

Autodesk® Fusion 360 Security Whitepaper

whitePaper | October 27, 2022

Autodesk® Fusion 360™ is the first 3D CAD, CAM, and CAE tool of its kind. It connects your product development process in a single cloud-based platform that works on both Mac and PC. The Fusion 360 tools enable fast and easy exploration of design ideas with a secure and integrated concept-to-fabrication toolset that extends to include web browsers and mobile devices.

Read More

Upchain Security Whitepaper

whitePaper | October 26, 2022

Upchain is a cloud-based product data management and product lifecycle management software that offers benefits of PDM/PLM through web browsers, APIs, CAD and Microsoft Office plugins, while securely processing customer data in the cloud.

Read More

Best Practices for Row Level Security with Entitlements Tables

whitePaper | September 16, 2022

Row Level Security (RLS) in Tableau refers to restricting the rows of data a certain user can see in a given workbook or data source at the time they view the data. It contrasts with permissions within Tableau Server (or Tableau Online), which are used to control access to content and feature functionality.

Read More
More Whitepapers

Spotlight

Ursus, Inc Talent, Services & Solutions

Ursus, Inc. is a privately held leader in providing business and technology staffing consulting services. Our professionals bring bold, fresh thinking combined with technology, business, and industry expertise to help fuel transformation and growth for our clients and their customers. We place the highest priority on understanding unique client needs first, ensuring mutual, best-fit success and integration of people, service, and solutions.

Events

Cybersecurity Expo

Conference