Posted by on
Categories: ElasticSearch Hadoop HDFS MongoDB

Following recent cyber attacks on #MongoDB and #ElasticSearch, hackers are now targeting Internet-facing #Hadoop Distributed File System (HDFS) installations. As with the attacks on MongoDB and ElasticSearch, hackers are holding databases for ransom and, in many reported cases, simply deleting the data. It has now been confirmed by Fidelis Cybersecurity Threat Research that these sort of attacks are happening on HDFS instances, with the company estimating that the potential exposure of this attack is around 8,000-10,000 HDFS installations worldwide. In one incident, Fidelis observed an attacker erasing most of the directories and creating a single directory called “NODATA4U_SECUREYOURSHIT”. There was no attempt to claim a ransom or any other communication — the data was simply deleted and the directory name was left as a calling card. Further investigation saw a core issue similar to MongoDB, namely the default configuration can allow “access without authentication.”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.