The silent danger of SSH key mismanagement [Q&A]

The recent AyySSHush botnet campaign compromised over 9,000 ASUS routers worldwide via SSH key injection. Unlike traditional botnets, this campaign flips the C2 model -- routers silently await inbound contact from the attacker, making detection incredibly difficult. And since SSH key authentication happens after encryption is established, key usage remains invisible to most monitoring tools. Combine that with the fact that routers are critical, often unmonitored devices, and it’s easy to see why this attack is a sweet spot for adversaries. We talked to Vince Berk, product owner, discovery at Keyfactor to understand more about the risk of poor SSH… [Continue Reading]