According to cloud security firm Sysdig, approximately 100 organizations’ SSH credentials were stolen using a recently released open-source pen-testing tool with worm-like capabilities.
SSH-Snake, developed by Australian security researcher Joshua Rogers, was released in January to allow for automatic network traversal using SSH keys obtained from local systems. As Rogers points out, SSH-Snake is designed for hacking and behaves like a worm.
According to the developer, SSH-Snake is a Bash script that searches for SSH keys on systems and generates a map of a network and its dependencies, the relationships between systems connected via SSH, and the extent to which the network can be compromised using SSH keys.
Read More: Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool
Check Out The New ITsecuritywire Podcast. For more such updates follow us on Google News ITsecuritywire News.
