Multistage Attack Delivers BillGates/Setag Backdoor to Turn Elasticsearch Servers into DDoS Botnet

A new multistage attack exploits Elasticsearch servers, using an old unpatched vulnerability to invoke a shell with a crafted query and encoded Java commands. The attack aims to deliver the BillGates/Setag backdoor to vulnerable Elasticsearch servers. It targets the already patched vulnerability in the Groovy scripting engine (versions 1.3.0 – 1.3.7 and 1.4.0 – 1.4.2) […]

New malware attack turns Elasticsearch databases into DDoS botnet

The malware attack involves two stages, including one in which existing cryptomining malware is removed. The IT security researchers at Trend Micro have discovered a new malware campaign targeting Elasticsearch databases in the wild. The campaign takes advantage of unprotected or publicly accessible Elasticsearch databases, infects them with malware, and then turns them into botnet zombies […]

Thousands of Kibana implementations using Elasticsearch are exposed online

Working with large amounts of data without taking the necessary security steps can pose a huge risk to any organization. According to the ethical hacking training experts from the International Institute of Cyber Security (IICS), unprotected databases significantly increase the chances of a company being a victim of a data breach. For example, more than […]

250,000 Sensitive Legal Documents Leaked Online via Unprotected Elasticsearch Cluster

Security researchers discovered 257,287 legal documents in an unprotected Elasticsearch cluster hosted on a US-based Amazon AWS server. The unprotected documents were labeled “not designated for publication”, and the data comprises 4.7 GB of highly sensitive legal documents. Further investigation reveals that the data managed by Lex Machina, an IP litigation research company and division of […]

Elasticsearch versions 1.4.2 and earlier vulnerable to malware infections

Two old vulnerabilities were exploited, allegedly by Chinese hackers. The Cisco network security and ethical hacking teams recently detected intrusions by malicious hackers targeting Elasticsearch clusters to exploit previously reported vulnerabilities and perform various malicious actions such as malware injection and cryptocurrency mining, reported experts from the International Institute of Cyber Security. “Hackers are […]

4,000 ElasticSearch servers found hosting PoS malware

Kromtech’s security researchers have identified two point-of-sale (POS) malware strains, namely AlinaPOS and JackPOS, hosted on more than 4,000 ElasticSearch servers. It is the same platform that was targeted in the MongoDB ransomware campaign. In total, there are over 15,000 ElasticSearch servers that have no authentication or password protection, while the POS malware […]

ElasticZombie Botnet – Exploiting Elasticsearch Vulnerabilities

With the rise of inexpensive Virtual Servers and popular services that install insecurely by default, coupled with some juicy vulnerabilities, like CVE-2015-5377 and CVE-2015-1427, this year will be an interesting one for Elasticsearch. Elasticsearch provides plenty of targets for people to exploit and create server-based botnets, but in fairness it is not only Elasticsearch that suffers […]