New DDoS botnet goes after Hadoop enterprise servers
October 27, 2018/ Neeraj Aarora / Cyber Crimes / 0 comments
Hacker group targets misconfigured Hadoop YARN components to plant DemonBot DDoS malware on resource-rich servers.
For nearly a month, a new botnet has been slowly growing in the shadows, feasting on unsecured Apache Hadoop servers, and planting bots on vulnerable servers to be used for future DDoS attacks.
First spotted in honeypot data by a NewSky Security researcher while it was still in its infancy, the botnet has matured and expanded in the meantime.
While initially, the botnet consisted of a few command and control servers, in a threat alert sent out today by cyber-security firm Radware, the company says the botnet has now grown to number over 70 servers.
The role of these servers is to scan the internet for Hadoop installations that use a misconfigured YARN module.
YARN, which stands for Yet Another Resource Negotiator, is a core component of the Apache Hadoop data processing framework, often used in large enterprise networks or cloud computing environments. ..Read More..