Slashdot Mirror


Database Attacks Spread To CouchDB, Hadoop, and ElasticSearch Servers (bleepingcomputer.com)

An anonymous reader writes: Two weeks after cybercriminal groups started to hijack MongoDB servers and hold them for ransom, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the hijacked systems number 34,000 MongoDB servers (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."

4 of 67 comments

  1. Re:Well, good by know1 · Score: 3, Interesting

    The fact that not all software developers think security is their problem is what is making software worse. Security is EVERYONE'S problem.

  2. Re:Well, good by anchovy_chekov · Score: 3, Interesting

    That's the problem. People who code CANNOT be experts in ALL domains related to their jobs. From my point of view, your extremely secure code ain't worth shit if your HTML and CSS can't even validate.

    Hence the fiction of the "full stack developer". When we got rid of DBAs (developers know how to use databases yeah? why do we need people who can only do one thing really well?) we lost a lot of knowledge and culture - including the basic tenet that you simply do not expose business-critical database systems to the outside world.

  3. Re:Well, good by Anonymous Coward · Score: 2, Interesting

    > Just run a portscan. If you can see the database from a different box, you fucked up and need to fix it.

    It's like you've never heard of SQL injection and can't imagine an indirect attack could be possible.

  4. Re:Well, good by anchovy_chekov · Score: 3, Interesting

    > To be fair, it's not a hard thing to check for. Just run a portscan. If you can see the database from a different box, you fucked up and need to fix it.

    True, but it's often not the sort of thing first and foremost in a developer's mind. If she/he can connect to a database easily it's one less impediment to getting on with the task of writing code. It takes a different mindset to focus on what could possibly go wrong at a system level.

    A QA once pointed this distinction out to me. As she said, "You want to make beautiful things... and I want to destroy them."
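The portscan check from the last two comments, written out as an added example that is not code from the page or from any commenter. It takes the default ports of the five products in the story (an assumption: stock installs with nothing remapped), tests whether each accepts a TCP connection from wherever the script runs, and, if it does, sends one HTTP GET with no credentials. That second step is what separates a database that merely listens from one in the state the hijacked servers were in: a 200 to an anonymous request on the root. The CouchDB-like server started by `start_demo_server` is constructed for the demo and is not a real CouchDB.

```python
"""Exposure check: can a different box reach the datastore port, and does the
service answer an unauthenticated request? Added example, not from the page."""
import json
import socket
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Default listening ports (assumption: stock installs). MongoDB speaks its own
# wire protocol on 27017, so for it TCP reachability alone is the finding;
# the other four answer plain HTTP on these ports.
DEFAULT_PORTS = {
    "mongodb": 27017,
    "elasticsearch": 9200,
    "couchdb": 5984,
    "hadoop-namenode-ui": 50070,
    "hadoop-yarn-ui": 8088,
}


def port_open(host, port, timeout=2.0):
    """The portscan from the thread: True if host:port accepts a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_probe(host, port, path="/", timeout=2.0):
    """One GET with no credentials; (status, body) or None if it did not talk HTTP."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read(4096)
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def classify(probe_result):
    """Map a probe result to a finding. 200 to an anonymous request = 'open'."""
    if probe_result is None:
        return "tcp-only"
    status, _body = probe_result
    if status in (401, 403):
        return "auth-required"
    if status == 200:
        return "open"
    return "http-%d" % status


def exposure_report(host, ports, path="/"):
    """Check every (name, port) as seen from this machine. Run it from a box that
    should NOT have access, never from the server: loopback proves nothing."""
    report = {}
    for name, port in ports.items():
        if not port_open(host, port):
            report[name] = "closed"
        else:
            report[name] = classify(http_probe(host, port, path))
    return report


class _DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an exposed CouchDB-style instance: anonymous
    GET / is welcomed, any other path is refused. Not a real CouchDB."""

    def do_GET(self):
        if self.path == "/":
            status, body = 200, json.dumps({"couchdb": "Welcome"}).encode()
        else:
            status, body = 401, json.dumps({"error": "unauthorized"}).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_server():
    """Start the stand-in on a loopback ephemeral port; return (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def closed_loopback_port():
    """A port that is (almost certainly) not listening, for the negative case."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, port = start_demo_server()
    targets = {"demo-couchdb": port, "nothing-here": closed_loopback_port()}
    print(exposure_report("127.0.0.1", targets))
    srv.shutdown()
```

Run it with `exposure_report("db.example.internal", DEFAULT_PORTS)` from a machine that should not be able to reach the database (a laptop outside the network, a host in another account), not from the database server itself, where 127.0.0.1 always answers. Anything reported as `open` or `tcp-only` on a datastore that is supposed to be internal is the situation comment 2 describes: bind the service to the loopback or a private interface, enable authentication, and re-run the check from the same outside vantage point.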