Brute forcing on secured shell servers emphasising the role of cyber forensics

Abstract

Background

Increasing numbers of cyber attacks threaten us personally and professionally. Cyber crimes include obtaining sensitive information (medical or financial) but may extend to organising heinous crimes including murders and aggravated sexual assaults. A major vector of cyber crimes is brute force attacks on secured shell servers.

Aim of study

This research highlights the prevalence of the intensity of brute force attacks on secured shell servers via quali-quantitative analysis of cyber attacks.

Methodology

The brute force attacks were recorded over a period of 20 days with the help of logs taken from five dedicated servers installed in a production environment.

Results

There were a minimum of 6470 and maximum of 22,715 attacks on a server per day. The total number of attacks on all the servers during the study period was 1,065,920. The brute force attacks were mainly targeted at the service network accounts.

Conclusion

Growth of the field of cyber forensics is the optimal solution to prevent the malicious use of internet services and the commissioning of crimes by this means.

Keywords

Internet cloud server password security brute force cyber crime cyber forensics

Get full access to this article

View all access options for this article.

References

Nadeem

Ali

Riaz

, et al. Intercept the cloud network from brute force and DDoS attacks via intrusion detection and prevention system. IEEE Access 2021; 9: 152300–152309.

Saito

Maruhashi

Takenaka

, et al. TOPASE: Detection and prevention of brute force attacks with disciplined IPs from IDS logs. Journal of Information Processing 2016; 24(2): 217–226.

Schwenk

Secure Shell (SSH). In: Guide to internet cryptography. Information Security and cryptography. Springer, Switzerland, 2022, pp. 329–39.

Talab

11 brute-force attack tools for penetration test, https://geekflare.com/brute-force-attack-tools/ (accessed 27 December 2023).

https://www.fireeye.com/cyber-map/threat-map.html (accessed 27 December 2023).

Matthews

A study of passwords and methods used in brute-force SSH attacks, https://www.academia.edu/63056223/ (2008, accessed 27 December 2023).

Fraunholz

Krohmer

Anton

SDD

, et al. Investigation of cyber crime conducted by abusing weak or default passwords with a medium interaction honey pot. In: 2017 international conference on cyber security and protection of digital services (cyber security), London, UK, 2017, pp. 1–7.

Salles

Berthier

Collange

, et al. Characterizing attackers and attacks: An empirical study. In: 2011 IEEE 17th Pacific Rim international symposium on dependable computing, Pasadena, CA, USA, 2011, pp.174–183.

Sochor

Zuzcak

Study of internet threats and attack methods using honey pots and honey nets. In: Communications in computer and information science 2014, pp. 118–127. In: Kwiecień A, Gaj P, Stera P (eds) Computer Networks. CN 2014. Communications in Computer and Information Science, vol 431. Springer, Cham.

10.

Thom

Shah

Sengupta

Correlation of cyber threat intelligence data across global honey pots. In: 2021 IEEE 11th annual computing and communication workshop and conference (CCWC), NV, USA, 2021, pp. 766–772.

11.

Javed

Paxson

Detecting stealthy, distributed SSH brute-forcing. In: Proceedings of the 2013 ACM SIGSAC conference on computer & communications security. Berlin, Germany, 4–8 November 2013.

12.

Sadasivam

Hota

Bhojan

Detection of stealthy single-source SSH password guessing attacks. Evolving Systems 2022; 13: 1–15.

13.

Herley

Florêncio

Protecting financial institutions from brute-force attacks. In: Proceedings of the IFIP TC 11 23^rd international information security conference (eds Jajodia S, Samarati P and Cimato S), 2008. The International Federation for Information Processing, Vol. 278. Boston, MA: Springer.

14.

Revenkov

Alexander

Pavel

VM.

Research on brute force and black box attacks on ATMs. In: BIT-2021: XI international scientific and technical conference on secure information technologies, Moscow, Russia, 6–7 April 2021.

15.

El Emam K, Moreau K and Jonker E. How strong are passwords used to protect personal health information in clinical trials? J Med Internet Res 2011; 13(1): e18.

16.

https://www.livemint.com/technology/tech-news/indian-healthcare-sector-suffers-1-9-million-cyberattacks-in-2022-11669878864152.html (accessed 27 December 2023).

17.

Emam

Moreau

Jonker

How strong are passwords used to protect personal health information in clinical trials?

J Med Internet Res 2011; 13(1): e18.

18.

Fichtenkamm

Burch

, and Burch

Cybersecurity in a COVID-19 world: Insights on how decisions are made. ISACA 2022; 2(1): 1–10.

19.

Phuong

Yuming

Subho

, et al. CAUDIT: Continuous auditing of SSH servers to mitigate brute-force attacks. In: Open access to the proceedings of the 16th USENIX symposium on networked systems design and implementation (NSDI ’19).

20.

Wanjau

Wambugu

Kamau

GN.

SSH-Brute Force Attack Detection Model based on Deep Learning. International Journal of Computer Applications Technology and Research 2021; 10(1): 42–50.

21.

Hancock

Khoshgoftaar

Leevy

JL.

Detecting SSH and FTP brute force attacks in big data. In: 2021 20th IEEE international conference on machine learning and applications (ICMLA), Pasadena, CA, USA, 2021, pp. 760–765.

Brute forcing on secured shell servers emphasising the role of cyber forensics – a quali-quantitative study