26 October 18, 20:44
(This post was last modified: 26 October 18, 20:45 by silversurfer.)
Quote:A Linux-based DDoS botnet dubbed DemonBot has been found enslaving Hadoop frameworks, using a vulnerability in Hadoop’s resource management tool to infect cloud servers with the botnet malware.
Hadoop is a popular open-source framework, usually deployed in cloud environments, that organizations can use to create artificial intelligence or machine learning platforms for big-data analytics. It’s deployed on clusters of servers – virtual and physical – which are often connected to the internet. As such, it represents a ripe, and somewhat underutilized, attack surface.
Enter DemonBot, which is actively enslaving Hadoop clusters to carry out DDoS attacks based on UDP and TCP floods; the security team at Radware said that it has recorded more than 5 million server requests across the globe as of this week.
Pascal Geenens, cybersecurity evangelist at Radware, told Threatpost that the malware isn’t particularly sophisticated (the author copied and rewrote existing code to fit his or her needs), but it’s extremely effective.
Source: https://threatpost.com/demonbot-fans-ddo...nt/138597/