Overview

 

AhnLab SEcurity intelligence Center (ASEC) uses honeypots to respond to and categorize brute force or dictionary attacks targeting poorly managed Linux SSH servers. This report will cover the status of attack sources identified in the second quarter of 2024 based on logs, as well as statistics on attacks performed by these attack sources. Furthermore, the malware used in each attack will be categorized with a summary of the statistical details.

 

 

Statistics

 

1. Status of Attacks on Linux SSH Servers

 

The following are statistics on attacks against Linux SSH servers identified through AhnLab’s honeypot logs in the second quarter of 2024. A notable fact about Q2 2024 is that many attacks involving P2PInfect, a Worm malware type, were identified. Because it takes up 86.8%, it will not be discussed much in this report. Aside from P2PInfect, there are no notable differences in comparison to Q1 2024.

 

Figure 1. Attacks against Linux SSH servers in Q2, 2024