Cassandra.Link


9/13/2018


A Benevolent Hacker Is Warning Owners of Unsecured Cassandra Databases

by Catalin Cimpanu

An unknown hacker is accessing public and unsecured Apache Cassandra databases and adding an extra table through which it warns server owners that their DB was left exposed to online attacks.

The first cases of Cassandra databases with this extra table were spotted by a Twitter user that goes by the nickname of DunningKrugerEffect.

The name of this table is "your_db_is_not_secure," and the table doesn't hold any type of information inside.

The purpose of this table is to warn Cassandra owners that their database can be very easily held for ransom in the upcoming few days if left online unprotected. According to Shodan, there are currently over 2,600 Cassandra database instances left accessible online.

Since the start of the year, multiple criminal groups have been hijacking database servers left unprotected online, wiping data and requesting a ransom payment.

First attacks hit MongoDB servers and were quickly followed by attacks against ElasticSearch clusters, Hadoop servers and CouchDB databases.

All previous attacks have been tracked by Victor Gevers and other members of the GDI.foundation, who created spreadsheets that keep track of ongoing attacks.

One such spreadsheet is available for Cassandra attacks. These are the latest statistics regarding database ransom attacks:

MongoDB - 40,291 servers
ElasticSearch - 5,044 servers
Apache Hadoop - 186 servers
Apache CouchDB - 452 servers
Apache Cassandra - 49 servers

Currently, multiple members of the GDI.foundation "have been investigating these cases deploying honeypots and getting intel on the attacks," Gevers tells Bleeping Computer.

The GDI.foundation has also been working with local CERT teams and attempting to notify database owners before attackers hijack their data. Despite this, very few server owners heeded their warnings, with many servers still remaining unsecured.

If you're wondering what other database servers attackers could hit, there are Neo4J, Riak, or Redis systems that have not yet been targeted by these types of ransom attempts.
