Elasticsearch: Security Assertions
January 20, 2017
I read “MongoDB Hackers Set Sights on ElasticSearch Servers with Widespread Ransomware Attacks.” According to the write up, more than 2,400 ElasticSearch services were “affected by ransomware in three days.”
“Attackers are finding open servers where there is no authentication at all. This can be done via a number of services and tools. Unfortunately, system admins and developers have been leaving these unauthenticated systems online for a while and attackers are just picking off the low hanging fruit right now.”
The write up explained:
ElasticSearch is a Java-based search engine, commonly used by enterprises for information cataloguing and data analysis.
What’s the remediation? One can pay the ransom. We suggest that Elastic cloud users read the documentation and implement the features appropriate for their use case.
Stephen E Arnold, January 20, 2017