Cyberattack on Apache Tomcat Servers: A Game of Cat and Mouse with the Mirai Botnet and Cryptojackers

Hello everyone! Get ready for a digital adventure full of intrigue. This time, we’re diving into cyberattacks on Apache Tomcat servers. Don’t worry, I’ll explain it in a relaxed and easy-to-understand style—because who says learning about cybersecurity has to be boring? Let’s get started!

Apache Tomcat Server: A Soft Target for Cyberattacks

Imagine you have a house with a door that’s always wide open. What would happen? Uninvited guests would come right in, right? Well, that’s what happens with a misconfigured Apache Tomcat server. This server becomes an easy target for cyberattacks, and this time, the goal is to spread the Mirai botnet malware and mine cryptocurrency. The attack is like ants finding sugar—everyone rushes to it!

According to a report from Aqua, covered by The Hacker News, more than 800 attacks against its Apache Tomcat honeypot servers were detected over the last two years. What’s surprising is that 96% of these attacks were linked to the Mirai botnet. It’s like finding one cat in your house, but then discovering a whole bunch of wild cats have sneaked in.

The Attack Method: Web Shell Script “neww”

The attackers have some sneaky tricks to gain access to Apache Tomcat servers. They use a brute force method against the Tomcat web application manager, trying different credential combinations until they successfully log in. Remember that “password combination” game we often play? Well, these attackers are doing it with malicious intent.

Once inside, they upload a WAR file containing a dangerous web shell called ‘cmd.jsp’. This web shell is like a secret agent, listening for remote requests and executing whatever commands it is sent on your Apache Tomcat server. Pretty dangerous, right?
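The two steps just described, a credential-guessing run against the manager application followed by a WAR deployment, both leave traces in Tomcat's access log. The script below is an added example (not code from the original article or from Aqua's report) that parses constructed log lines in Tomcat's default AccessLogValve "common" pattern, flags a client that accumulates five 401 responses on /manager within a minute, and marks any subsequent successful deployment from that same client as critical. The threshold, window, sample addresses and the "admin" username are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed Tomcat access-log lines in the AccessLogValve "common" pattern
# (%h %l %u %t "%r" %s %b). The client addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [18/Jul/2023:10:15:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.10 - - [18/Jul/2023:10:15:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.10 - - [18/Jul/2023:10:15:05 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.10 - - [18/Jul/2023:10:15:07 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.10 - - [18/Jul/2023:10:15:09 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.10 - admin [18/Jul/2023:10:15:11 +0000] "GET /manager/html HTTP/1.1" 200 19543
203.0.113.10 - admin [18/Jul/2023:10:15:30 +0000] "PUT /manager/text/deploy?path=/cmd HTTP/1.1" 200 61
198.51.100.7 - - [18/Jul/2023:10:20:00 +0000] "GET /docs/ HTTP/1.1" 200 9843
198.51.100.7 - - [18/Jul/2023:10:20:05 +0000] "GET /manager/html HTTP/1.1" 401 2473
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Assumed detection policy: five failed manager logins inside a 60-second window.
FAIL_THRESHOLD = 5
WINDOW_SECONDS = 60
# Manager endpoints that accept a WAR upload (text interface and HTML upload form).
DEPLOY_PREFIXES = ("/manager/text/deploy", "/manager/html/upload")


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def analyze(log_text):
    """Return findings as (kind, client_ip, timestamp) tuples, in log order."""
    failures = defaultdict(list)  # client ip -> timestamps of 401s on /manager
    brute_forcers = set()
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith("/manager"):
            continue
        ip = rec["ip"]
        if rec["status"] == 401:
            window = failures[ip]
            window.append(rec["ts"])
            # Slide the window: keep only failures within WINDOW_SECONDS of the newest.
            while (window[-1] - window[0]).total_seconds() > WINDOW_SECONDS:
                window.pop(0)
            if len(window) >= FAIL_THRESHOLD and ip not in brute_forcers:
                brute_forcers.add(ip)
                findings.append(("brute_force", ip, rec["ts"]))
        elif rec["status"] == 200 and rec["path"].startswith(DEPLOY_PREFIXES):
            # A deployment right after a guessing run is the pattern in the report.
            severity = "critical" if ip in brute_forcers else "review"
            findings.append(("war_deploy:" + severity, ip, rec["ts"]))
    return findings


if __name__ == "__main__":
    for kind, ip, ts in analyze(SAMPLE_LOG):
        print(f"{ts.isoformat()} {ip} {kind}")
```

Every successful deployment is reported even without a preceding guessing run, because legitimate deployments through the manager are rare enough on most servers that each one deserves a look; the single failed login from the second client stays below the threshold and produces nothing.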

“neww” Shell Script: A Binary Downloader

After gaining access, the attackers use the “neww” shell script to download and run 12 binary files suitable for various system architectures they’ve infected. This script then deletes itself using the Linux “rm -rf” command, like a criminal wiping away all traces after a crime. It’s like a detective movie where the villain cleans up their fingerprints at the crime scene.

Mirai Malware and DDoS Attacks

The final stage of the attack is to spread the infamous Mirai malware variant. The Mirai botnet uses infected hosts to launch distributed denial-of-service (DDoS) attacks. Imagine thousands of computers attacking a single server at the same time, like a horde of zombies storming a fortress. This attack could bring your Apache Tomcat server down in an instant!

The Importance of Security and Credential Hygiene

So, how can we protect our Apache Tomcat servers from such attacks? First, make sure your Apache Tomcat server is properly configured. Don’t leave your digital front door wide open. Second, practice good credential hygiene: use strong, unique passwords and never rely on default credentials. It’s like regularly changing the keys to your house and ensuring only trusted people have access.
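Credential hygiene on Tomcat starts with conf/tomcat-users.xml, where manager accounts are defined. The script below is an added example (not code from the original article) that audits a tomcat-users.xml document: it flags manager or admin accounts whose password is a well-known example value such as the "s3cret" from the sample entry shipped with Tomcat, passwords shorter than an assumed 12-character minimum, and accounts holding both manager-gui and manager-script, which the Tomcat Manager How-To advises against. The two embedded configurations are constructed, and the default-password list and length policy are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed tomcat-users.xml resembling the commented-out example Tomcat ships.
WEAK_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
</tomcat-users>
"""

# Constructed hardened counterpart: a dedicated account, one role, a long password.
HARDENED_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <user username="ops-deploy-ui" password="Vq7!pLm2#xR9wTz4" roles="manager-gui"/>
</tomcat-users>
"""

# Privileged roles that grant control over deployed applications or the JVM.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}
# Assumed list of example/default values that must never protect a privileged role.
DEFAULT_PASSWORDS = {"", "tomcat", "s3cret", "admin", "password", "manager"}
MIN_PASSWORD_LENGTH = 12  # assumed local policy


def _local(tag):
    """Strip the XML namespace so both namespaced and bare files are handled."""
    return tag.rsplit("}", 1)[-1]


def audit_users(xml_text):
    """Return a list of (finding_code, username) for privileged accounts."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if _local(elem.tag) != "user":
            continue
        name = elem.get("username", "")
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if not roles & PRIVILEGED_ROLES:
            continue  # unprivileged accounts are out of scope here
        if password in DEFAULT_PASSWORDS:
            findings.append(("default_password", name))
        if len(password) < MIN_PASSWORD_LENGTH:
            findings.append(("short_password", name))
        if {"manager-gui", "manager-script"} <= roles:
            findings.append(("gui_and_script_combined", name))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_users(cfg) or "no findings")
```

Passwords are the part of the picture this file controls; the other half of "properly configured" lives elsewhere in Tomcat. The LockOutRealm wrapper in the default conf/server.xml locks an account after repeated failures, and the RemoteAddrValve in the manager application's META-INF/context.xml restricts who may reach /manager at all, so an audit of the user file is a complement to checking those two settings, not a replacement.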

Similar Cases: Attacks on MS-SQL Servers

Attacks on Apache Tomcat servers aren’t the only ones we need to worry about. AhnLab’s Security Emergency Response Center (ASEC) reported that poorly managed MS-SQL servers have also been targeted. These servers were infiltrated to spread rootkit malware called Purple Fox, which acts as a loader to fetch additional malware, such as coin miners. This highlights the importance of securing all types of servers, not just Apache Tomcat servers.

Rise of Cryptojacking Attacks

According to SonicWall, cryptojacking attacks have surged by 399% compared with last year. In the first half of 2023, there were 332 million cryptojacking attacks worldwide. This shows that illegal cryptocurrency mining is becoming increasingly profitable for cybercriminals. Imagine getting a skyrocketing electricity bill because your computer was used to mine cryptocurrency without your knowledge. Not fun, right?

Secure Your Apache Tomcat Server

Securing your Apache Tomcat server is not an easy task, but it’s crucial. By following good security practices and keeping your credentials clean, you can protect your server from devastating cyberattacks. Remember, it’s better to prevent than to cure. Don’t let your Apache Tomcat server become a gateway for digital criminals.

That’s it, folks! I hope this article helps you understand the importance of securing your Apache Tomcat server and how to protect it from attacks. Stay vigilant and keep your server safe!

Thanks for reading, and see you in the next article!