Slashdot Mirror


Elasticsearch Clusters Face Attacks From Multiple Hacker Groups (csoonline.com)

itwbennett writes: If you're running Elasticsearch 1.4.2 and lower, you should make sure your patches are up to date. That's because researchers from Cisco's Talos group have "detected an increase in attacks targeting unsecured Elasticsearch clusters." At least six different groups are responsible for the increase, each deploying different malware, but regardless of the method, the potential impact of a breach is huge because Elasticsearch is designed to work with big data and companies use it to process sensitive data. "Given the size and sensitivity of the data sets these clusters contain, the impact of a breach of this nature could be severe," the Talos researchers warned.


  1. monetization by astrofurter · Score: 3, Insightful

    One problem is that Elasticsearch is insecure by default. It's part of their "open core" monetization strategy. The FOSS core of ES has no security whatsoever - it's wide open to the world. Security functionality is available only as part of the proprietary X-Pack extensions.

    AWS managed ES, probably the most widely used flavor of ES, adds very crude IP-based all-or-nothing security. Which IIRC is wide open by default. Unfortunately AWS seems intent on leeching. They charge their users handsomely for hosted ES, but are unwilling to contribute a dime - or any code - back to the Elasticsearch project. So they get zero cooperation from Elastic Co. And AWS ES remains a security nightmare.

    It's a shame that Elastic chose to make basic security a monetized feature. And it's a shame that AWS is so enthusiastic about leeching. And finally it's also a shame that the Law in most cases imposes little or no penalty at all on companies who fail to protect all the personally identifiable information they hoard.

    Expect more data spillage in the future!
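The IP-based control the comment describes is an access policy attached to the AWS Elasticsearch domain. As an added example that is not from the comment or from AWS, here is the weak (open) policy next to one restricted to a single source range, plus a small audit function that flags statements granting the anonymous principal access with no condition; REGION, ACCOUNT_ID, DOMAIN_NAME and the CIDR are placeholders.

```python
"""Audit an AWS Elasticsearch domain access policy for world-open statements.
Constructed example (not from the comment or from AWS); REGION, ACCOUNT_ID,
DOMAIN_NAME and the CIDR are placeholders."""
import json

DOMAIN_ARN = "arn:aws:es:REGION:ACCOUNT_ID:domain/DOMAIN_NAME/*"

# Weak setting: anonymous principal, every es: action, no condition at all,
# so anyone who can reach the endpoint can read and write the cluster.
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "OpenToTheWorld", "Effect": "Allow",
    "Principal": {"AWS": "*"}, "Action": "es:*", "Resource": DOMAIN_ARN}]}

# Corrected setting: still anonymous (no IAM signing), but the aws:SourceIp
# condition is the "IP-based all-or-nothing" gate the comment describes.
RESTRICTED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "OnlyFromOfficeRange", "Effect": "Allow",
    "Principal": {"AWS": "*"}, "Action": "es:ESHttp*", "Resource": DOMAIN_ARN,
    "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}}]}


def _is_anonymous(principal) -> bool:
    """True if the principal means everyone: "*", ["*"] or {"AWS": "*"}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    if isinstance(principal, str):
        principal = [principal]
    return "*" in principal


def world_open_statements(policy) -> list:
    """Return the Sids of Allow statements that grant the anonymous principal
    access with no Condition narrowing where requests may come from."""
    if isinstance(policy, str):          # accept the JSON text as stored on the domain
        policy = json.loads(policy)
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):          # IAM allows a single statement object
        stmts = [stmts]
    found = []
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _is_anonymous(stmt.get("Principal", {})):
            found.append(stmt.get("Sid", f"statement-{i}"))
    return found


if __name__ == "__main__":
    for name, pol in (("open", OPEN_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, "world-open statements:", world_open_statements(pol))
```

The audit treats any Condition as a narrowing, so a policy that only restricts by time or TLS would still pass; tighten that check if your own threat model needs it.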