Scourge of unsecure database deletions spreading

By on
Scourge of unsecure database deletions spreading

Hadoop instances deleted with no ransom sought.

Attackers are continuing to destroy unsecured internet-accessible databases, with tens of thousands of instances wiped so far.

Database deletions by blackmailers seeking ransom in Bitcoin came to light earlier this month, after researchers Victor Gevers and Niall Merrigan started tracing attacks on NoSQL MongoDB instances, which are often installed with no access controls.

SInce then, over 34,500 MongoDB instances have been wiped, and the attacks have spread to other databases. Gevers noted that an actor calling himself Kraken0 has wiped over 4600 Elasticsearch instances worldwide.

Kraken0 also posted an ad for a database ransomware kit written in C# that includes a list of 100,000 open MongoDB and 30,000 Elasticsearch instances, asking US$500 for the source code, or US$100 for ready compiled binary executables.

Another NoSQL database, CouchDB,  is now in attackers' crosshairs too, Gevers and Merrigan said: over 430 CouchDB instances have been wiped.

Attackers are asking for 0.1 Bitcoins (A$120) in ransom to restore deleted CouchDB instances. 

As there is scant evidence so far that the databases have been copied over to other systems as backup, researchers advise victims not to pay the ransom.

Gevers and Merrigan are seeing Hadoop, a popular open source distributed application used to store and process very large data sets, being attacked now as well. Unlike prior attacks, no ransom is sought: attackers simply delete Hadoop Distributed File System (HDFS) instances, leaving behind a message telling administrators to secure future installations of the databases.

As of writing, the researchers have recorded a tally of 126 deleted Hadoop instances.

Security vendor Fidelis analysed the rash of Hadoop attacks, and warned that the databases are often installed with minimal security while exposed to the internet, a combination that makes them sitting ducks for digtal vandals and blackmailers.

HDFS instances require no authentication by default, meaning anyone can connect to them over the internet and access the data stored inside. Hadoop attack kits are also available, making hit and run deletions of the databases even easier, Fidelis said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
couchdb elasticsearch hadoop mongodb security
In Partnership With

Most Read Articles

Telstra asks its 30,000 employees what they really think with 'experience pulse'

Telstra asks its 30,000 employees what they really think with 'experience pulse'
Telstra confronts "really abysmal" reality of customer gripes

Telstra confronts "really abysmal" reality of customer gripes
Qantas opens throttle on 'Voice of the Customer'

Qantas opens throttle on 'Voice of the Customer'
Telstra outage pulled plug on AusPost, ING, Bendigo, Cuscal payments

Telstra outage pulled plug on AusPost, ING, Bendigo, Cuscal payments
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Your mobile devices may not be secure – learn how to fix that
Your mobile devices may not be secure – learn how to fix that
Don’t risk your business – learn how to protect your cloud assets
Don’t risk your business – learn how to protect your cloud assets
Accelerate your cloud adoption - Go Fast, Securely
Accelerate your cloud adoption - Go Fast, Securely
Lessons Learnt - The Unisys Cloud Migration Journey – a digital transformation case study
Lessons Learnt - The Unisys Cloud Migration Journey – a digital transformation case study
How to drive revenue and increase loyalty through customer experience in retail
How to drive revenue and increase loyalty through customer experience in retail

Events

Log In

Username / Email:
Password:
  |  Forgot your password?