BSV
$66.31
Vol 75.19m
-4.42%
BTC
$90390
Vol 49618.34m
-0.21%
BCH
$436.6
Vol 954.66m
-5.49%
LTC
$88.82
Vol 2216.06m
-3.31%
DOGE
$0.36
Vol 9449.86m
-0.84%
Getting your Trinity Audio player ready...

An aggressive type of malware is threatening to undermine enterprise search engine Elasticsearch, turning it into a sophisticated zombie crypto-mining botnet.

The malware, described by cybersecurity company Trend Micro, would result in a botnet that could be used in distributed denial of service (DDoS) attacks by launching sequential attacks on public-facing servers running outdated versions of the search engine software.

According to the security researchers, the majority of these types of attacks have been run on a commercial basis, despite the attacks themselves being “relatively straightforward” to execute.

“Many of the malicious traffic or attacks that we see targeting Elasticsearch are relatively straightforward, and more often than not, profit-driven,” the Trend Micro post noted. “An attacker looks for unsecure or misconfigured servers or exploit old vulnerabilities, then drop the final payloads that typically consist of cryptocurrency-mining malware or even ransomware.”

The malware works by firstly identifying out of date servers, which it can force to download and execute the offending scripts. According to Trend Micro, this sets the present malware apart from other similar malicious scripts.

Worryingly, they suggest this also makes the hacks harder to detect.

“The ways that the scripts are retrieved are notable…Using expendable domains, for instance, allows the attackers to swap URLs as soon as they are detected,” researchers said.

According to Trend Micro, these elements of the malware should be seen as a “red flag” that could suggest much more substantial attacks are on the way:

That the cybercriminals (or threat actors) behind this attack used URL encoding, staged where the scripts are retrieved, and compromised legitimate websites could mean they are just testing their hacking tools or readying their infrastructure before mounting actual attacks.

If this turns out to be the case, the results could be devastating for those servers affected. By forcing control of the servers, which are then used to mine cryptocurrency, the hackers have a strong commercial incentive to pull off this type of attack.

Server administrators running Elasticsearch are being warned to patch software without delay, as well as tweaking their security settings to prevent this type of attack from taking hold.

But for some, these warnings will undoubtedly be heard too late.

Recommended for you

Sentinel Node upholds heightened security with 56M snapshots
CERTIHASH keeps up with its mission to offer enterprises heightened security for their data with BSV-powered Sentinel Node, recently registering...
November 14, 2024
ODHack 9.0: Better wallet, easy testnet coins for developers
OnlyDust's ODHack 9.0 hackathon event provides developers building on the BSV blockchain with new ways to test their applications without...
November 8, 2024
Advertisement
Advertisement
Advertisement