iTnews

Scourge of unsecure database deletions spreading

By Juha Saarinen on Jan 20, 2017 6:42AM

Hadoop instances deleted with no ransom sought.

Attackers are continuing to destroy unsecured internet-accessible databases, with tens of thousands of instances wiped so far.

Database deletions by blackmailers seeking ransom in Bitcoin came to light earlier this month, after researchers Victor Gevers and Niall Merrigan started tracing attacks on NoSQL MongoDB instances, which are often installed with no access controls.

Since then, over 34,500 MongoDB instances have been wiped, and the attacks have spread to other databases. Gevers noted that an actor calling himself Kraken0 has wiped over 4600 Elasticsearch instances worldwide.

Kraken0 also posted an ad for a database ransomware kit written in C# that includes a list of 100,000 open MongoDB and 30,000 Elasticsearch instances, asking US$500 for the source code, or US$100 for ready compiled binary executables.

Another NoSQL database, CouchDB, is now in attackers' crosshairs too, Gevers and Merrigan said: over 430 CouchDB instances have been wiped.

Attackers are asking for 0.1 Bitcoins (A$120) in ransom to restore deleted CouchDB instances. 

As there is scant evidence so far that the databases have been copied over to other systems as backup, researchers advise victims not to pay the ransom.

Gevers and Merrigan are seeing Hadoop, a popular open source distributed application used to store and process very large data sets, being attacked now as well. Unlike prior attacks, no ransom is sought: attackers simply delete Hadoop Distributed File System (HDFS) instances, leaving behind a message telling administrators to secure future installations of the databases.

As of writing, the researchers have recorded a tally of 126 deleted Hadoop instances.

Security vendor Fidelis analysed the rash of Hadoop attacks, and warned that the databases are often installed with minimal security while exposed to the internet, a combination that makes them sitting ducks for digital vandals and blackmailers.

HDFS instances require no authentication by default, meaning anyone can connect to them over the internet and access the data stored inside. Hadoop attack kits are also available, making hit and run deletions of the databases even easier, Fidelis said.
