Security researchers have observed a spike in attacks from multiple threat actors targeting Elasticsearch clusters, in what is believed to be an attempt to spread malware on victims’ machines.
Attackers appear to be targeting clusters using versions 1.4.2 and lower, and are leveraging old vulnerabilities to pass scripts to search queries and drop the attacker’s payloads, according to a blog post by researchers at Cisco Talos. Researchers found that both malware and cryptocurrency miners were being left on target machines.
Source: ITPro