Apparently, the digital thieves found a way to break into Amazon’s cloud and infect it with DDoS malware. Security experts traced the hole to a flaw in Elasticsearch, a popular open-source distributed search engine server. The software is written in Java and lets applications perform full-text search across documents via a REST API (representational state transfer application programming interface).

The Amazon Elastic Compute Cloud (EC2) is not the only one which uses Elasticsearch: the search engine server is commonly used in many cloud environments, such as Microsoft Azure, Google Compute Engine and other platforms.

According to the engine’s developers, versions 1.1.x of Elasticsearch support active scripting via API calls in their default configuration. However, the authors failed to explain why this doesn’t require authentication. This is how the malware creators broke into the system.

Apparently, the developers decided not to release a patch for the 1.1.x branch, but starting with version 1.2.0 dynamic scripting was disabled by default. In the meantime, Kaspersky Lab discovered variants of Mayday, a Trojan program for Linux used to launch distributed denial-of-service attacks, and one of them was caught running on compromised Amazon EC2 server instances.

According to Kaspersky Lab researchers, Amazon was not the only victim of the intruders. They also broke into virtual machines run by Amazon EC2 customers by exploiting the CVE-2014-3120 vulnerability in Elasticsearch 1.1.x, which was still being used by some organizations in active commercial deployments despite having been superseded by the 1.2.x and 1.3.x versions.

Security experts saw the early stages of the Elasticsearch attacks. They also found that the intruders modified publicly available proof-of-concept exploit code for CVE-2014-3120 and used it to install a Perl-based Web shell. This gave the hackers a backdoor script that allowed remote attackers to execute Linux shell commands over the Internet. According to the security specialists, the script downloads a new version of the Mayday DDoS bot, dubbed Backdoor.Linux.Mayday.g.
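The two defensive checks a practitioner would want after reading this are whether a 1.1.x node still has dynamic scripting enabled and whether inline scripts are reaching its REST API. The following is an added example written for this article, not code from Kaspersky Lab or the Elasticsearch project; it assumes request bodies are captured by a reverse proxy or network tap in front of the node, and uses the 1.x `script.disable_dynamic` setting as the mitigation to look for.

```python
import json

# Constructed sample of HTTP requests captured in front of an Elasticsearch
# 1.1.x node as (method, path, body). Capturing bodies requires a reverse
# proxy or network tap, which is an assumption of this example.
SAMPLE_REQUESTS = [
    ("GET", "/_search", '{"query": {"match_all": {}}}'),
    ("POST", "/logs/_search",
     '{"query": {"match_all": {}}, "script_fields": {"x": {"script": "1+1"}}}'),
    ("POST", "/_search",
     '{"query": {"filtered": {"filter": {"script": {"script": "true"}}}}}'),
    ("PUT", "/logs/_settings", '{"index": {"number_of_replicas": 1}}'),
    ("POST", "/logs/doc/1", 'not json at all'),
]

def contains_script(node):
    """Recursively look for a 'script' key anywhere in a parsed JSON body."""
    if isinstance(node, dict):
        return any(k == "script" or contains_script(v) for k, v in node.items())
    if isinstance(node, list):
        return any(contains_script(v) for v in node)
    return False

def flag_dynamic_script_requests(requests):
    """Return (method, path) for every request that carries an inline script."""
    flagged = []
    for method, path, body in requests:
        try:
            parsed = json.loads(body)
        except ValueError:
            continue  # non-JSON bodies cannot carry a script object
        if contains_script(parsed):
            flagged.append((method, path))
    return flagged

def dynamic_scripting_disabled(config_text):
    """Check elasticsearch.yml for the 1.x setting that turns dynamic scripting off."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        key, sep, value = line.partition(":")
        if sep and key.strip() == "script.disable_dynamic":
            return value.strip().lower() == "true"
    return False  # setting absent: the 1.1.x default leaves dynamic scripting on

# Constructed config fragments: the weak default beside the corrected one.
VULNERABLE_YML = "cluster.name: prod\n"
HARDENED_YML = "cluster.name: prod\nscript.disable_dynamic: true  # 1.1.x mitigation\n"
```

Run over real captures, every flagged request to an unauthenticated 1.1.x node is worth an alert, since the article describes exactly that traffic as the entry point.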