date 2017-01-22
Database Attacks Spread To CouchDB, Hadoop, and ElasticSearch Servers (bleepingcomputer.com)
An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
It's really, really pathetic how often NoSQL DBs make even MySQL look good.
But it's fast as hell [youtu.be]!
Events like this are what keep sysadmins employed. If you're not paying someone to protect your technology infrastructure, including a layered backup strategy, an effective security policy, and regular audits, this is going to happen to you too.
This assumes management actually gives a crap about security. More than likely they will blame you and fire you and just bring in a paper MCSE from Bangalore to administer the systems next, using the hack as an excuse to cut costs.
Publicly and destructively reminding sysadmins to secure their data, rather than issuing sub rosa demands for bitcoins, is in some sense a reasonable approximation of internet philanthropy. And I notice that -- in contrast to standard ransomware procedure -- backups weren't targeted. More power to them.
