blog

Securing Your Business Against Legion’s Malware Upgrade

Written by Securafy Team | Jun 22, 2023 3:00:00 PM

The Legion commodity malware, known for its disruptive activities, was recently upgraded. This latest version can target Secure Shell (SSH) protocols and more cloud services, escalating the need for heightened cybersecurity measures.

Legion's New Face

So, what is the big deal? The key is understanding Legion's new capabilities. It's a Python-based tool, recently updated to compromise SSH servers and extract credentials for specific cloud services, including Amazon Web Services' DynamoDB and CloudWatch. It is a significant upgrade, extending Legion's reach and demonstrating its widening scope.

How Does Legion Operate?

Legion uses misconfigurations in web applications' settings to steal passwords and other valuable information. It also takes advantage of servers running programs that manage website content. It uses the messaging app Telegram to secretly send out stolen data. Furthermore, it uses stolen password details to send unwanted text messages to phone numbers in the U.S.

Exploiting SSH and Cloud Services

This malware update spells increased risk for your business. SSH connections, often used to control web servers and other kinds of servers securely, are now prime targets. Your cloud platforms are not safe as well. Additionally, Laravel web applications linked with AWS are at risk.

Your Cybersecurity Checklist

To mitigate these risks for your business, here's what you can do. First, strengthen authentication methods. Complex passwords, two-factor authentication, and biometrics can go a long way in protecting your business.

Next, reinforce network security measures. Firewalls, intrusion detection systems, and encrypted communications are valuable security tools. Be sure to keep all software, including your operating system, up to date.

Make sure you adhere to SSH best practices:

  • Disable root logins
  • Limit users who can use SSH
  • Use key-based rather than password-based authentication
  • Implement an intrusion detection system.

Most importantly, educate your employees. They are the first line of defense. Teach them to recognize phishing attempts, dubious links, and malware indicators.

Preparation Is Key

Even with all these measures, an attack can happen. So, prepare an incident response plan. Know how to isolate affected systems, recover data, and report breaches.
The upgrade in the Legion malware underscores the dynamic nature of cybersecurity threats. By implementing these protective measures, you can safeguard your business against SSH and cloud service vulnerabilities. Your business's safety is worth the extra mile.