Hackers Leverage Elasticsearch Flaw in the Cloud

August 25, 2014

Just as Elasticsearch is reveling in its recent successes, CloudPro informs us that “Hackers Target Elasticsearch to Set Up DDoS Botnet on AWS.” Writer Rene Millman reports that cloud providers besides Amazon Web Services could be affected by the attacks, which leverage a vulnerability in the older Elasticsearch 1.1 versions. Because of its ability to run on multiple nodes, Elasticsearch’s open source, Java-based full-text-search application is a popular choice for use with cloud environments. The article describes the vulnerability hackers are now exploiting:

“Researchers at Kaspersky Labs have found that cybercriminals have exploited a flaw in the software to install DDoS malware on various clouds. The flaw was found in Elasticsearch v. 1.1x and a scripting exploit. The software has default support for active scripting, but does not use authentication and also does not sandbox the script code. Criminals can use the flaw to hack into EC2 VMs and then use a new variant of Linux DDoS Trojan Mayday – Backdoor.Linux.Mayday.g – to launch their attack, according to Kaspersky Lab principal security researcher Kurt Baumgartner.”

Millman goes on to quote a blog post by Kurt Baumgartner, principal security researcher at Kaspersky Lab. Baumgartner states:

“The [Mayday variants] in use on compromised EC2 instances oddly enough were flooding sites with UDP traffic only. The flow is strong enough that the DDoS’d victims were forced to move from their normal hosting operations IP addresses to those of an anti-DDoS solution.

“The flow is also strong enough that Amazon is now notifying their customers, probably because of potential for unexpected accumulation of excessive resource charges for their customers. The situation is probably similar at other cloud providers.”

Unsurprisingly, the goal of these attacks seems to be financial. Baumgartner notes that among those affected by these attacks are a large regional U.S. bank, a large electronics maker, and a Japanese service provider. For its part, Amazon is urging users to upgrade as soon as possible to the latest version of Elasticsearch, which is free from this vulnerability.
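A defender-side check for the condition described above, as an added example that is not from the article, Kaspersky Lab or the Elasticsearch project: it reads a node's version banner and its elasticsearch.yml and flags an affected version, enabled dynamic scripting and a non-loopback bind. The sample inputs are constructed and the function names are hypothetical; the `script.disable_dynamic` and `network.host` settings, and the assumption that every release below 1.2 ships with scripting on by default, come from general knowledge of Elasticsearch 1.x rather than from the article, which names only 1.1.x.

```python
import json
import re

# Constructed sample inputs (not taken from any real host).
SAMPLE_BANNER = '{"status": 200, "name": "node-1", "version": {"number": "1.1.1"}}'
SAMPLE_YML = (
    "cluster.name: search-prod\n"
    "# script.disable_dynamic: true\n"   # commented out, so it has no effect
    "network.host: 0.0.0.0\n"
)
LOOPBACK = {"127.0.0.1", "localhost", "_local_", "::1"}

def parse_flat_yml(text):
    """Parse the flat 'key: value' form of elasticsearch.yml, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings

def audit_node(banner_json, yml_text):
    """Return findings for one node; an empty list means nothing was flagged."""
    findings = []
    number = json.loads(banner_json)["version"]["number"]
    major, minor = (int(p) for p in re.match(r"(\d+)\.(\d+)", number).groups())
    settings = parse_flat_yml(yml_text)
    # Assumption: releases below 1.2 are treated as affected (the article names 1.1.x).
    if (major, minor) < (1, 2):
        findings.append(f"version: {number} predates 1.2, upgrade")
    # Anything other than an explicit 'true' is flagged as scripting enabled.
    raw = settings.get("script.disable_dynamic")
    disabled = ((major, minor) >= (1, 2)) if raw is None else raw.lower() == "true"
    if not disabled:
        findings.append("scripting: dynamic scripting is enabled")
    # Assumption: with no bind setting, 1.x listens on all interfaces.
    host = settings.get("network.bind_host") or settings.get("network.host")
    if host is None:
        host = "_local_" if major >= 2 else "0.0.0.0"
    if host not in LOOPBACK:
        findings.append(f"exposure: unauthenticated HTTP API bound to {host}")
    return findings
```

Run `audit_node` against the JSON returned by a node's root HTTP endpoint and the contents of its config file; each finding is prefixed with the check that produced it.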

Cynthia Murrell, August 25, 2014

Sponsored by ArnoldIT.com, developer of Augmentext
