Until last year, cyber criminals were only targeting computers of individuals and organisations with ransomware and holding them for ransom, but then they started targeting unprotected online databases and servers around the globe for ransom as well.
Earlier this year, we saw notorious incidents where tens of thousands of
unprotected MongoDBand Elasticsearch databases were hacked and held for ransom in exchange of the data the hackers had stolen and deleted from the poorly configured systems.
Now, cyber crooks have started targeting unprotected Hadoop Clusters and CouchDB servers as well, making the
ransomware gamenastier if your servers are not securely configured.
Nearly 4,500 servers with the Hadoop Distributed File System (HDFS) — the primary distributed storage used by Hadoop applications — were found exposing more than 5,000 Terabytes (5.12 Petabytes) of data, according to an analysis conducted using
Shodansearch engine.
This exposure is due to the same issue — HDFS-based servers, mostly Hadoop installs, haven't been properly configured.
The Hadoop Distributed File System (HDFS) is a distributed file system that is being designed to store vast data sets reliably and to stream those data sets at high bandwidth to user applications.
Like other Hadoop-related techs, HDFS has become a primary tool for managing large clusters of data and supporting big data analytics applications.
In a blog post, Shodan Founder John Matherly revealed that while the focus had been on MongoDB and Elasticsearch databases exposed on the Internet, Hadoop servers turned out to be "the real juggernaut."
Although MongoDB has over 47,800 servers
exposed on the Internetthat exposes 25TB of data, Hadoop has just 4,487 servers in total but exposes a considerably higher amount of data of more than 5,000TB.
Most of the Hadoop servers that expose data on the Internet are located in the United States (1,900) and China (1,426), followed by Germany (129) and South Korea (115).
A majority of the HDFS instances are hosted in the cloud with Amazon Web Services leading the charge with 1,059 instances and Alibaba with 507.
While we saw ransom attacks aimed at
unprotected MongoDBand Elasticsearch databases last year, Matherly said those attacks have not been stopped and are still targeting CouchDB and Hadoop servers.
"The ransomware attacks on databases that were widely publicised earlier in the year are still happening," says Matherly. "And they're impacting both MongoDB and HDFS deployments."
Matherly has also shared all the
necessary stepson how to replicate the searches on Shodan search engine that users could follow in order to conduct their own investigations.
Administrators are encouraged to configure their Hadoop servers to run them in secure mode by following the
instructionsprovided by the company.
from The Hacker News http://ift.tt/2s3QFNA
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.