Latest Bot Targets Hadoop Clusters

By George Leopold

Hadoop clusters are under siege by a recently discovered malware threat designed to take over cloud-based servers as a platform for launching distributed denial-of-service attacks.

The malware, dubbed DemonBot, was reported in a blog post last week by datacenter cybersecurity vendor Radware. The company (NASDAQ: RDWR) said the malware exploits remote command execution in misconfigured Hadoop YARN deployments to infect unsecured Hadoop clusters.

Radware characterized DemonBot as “unsophisticated” in that it spreads only among central Hadoop servers and lacks the punch of the more pervasive Mirai botnet that targeted Internet of Things and other connected devices. Radware previously uncovered a Mirai variant called BrickerBot that corrupts device storage while reconfiguring kernel settings.

“Hadoop clusters typically are very capable and stable platforms and can individually account for much larger volumes of [distributed denial-of-service] traffic compared to IoT devices,” the malware tracker said.

Tel Aviv-based Radware said last week it is currently monitoring 70 exploited Hadoop servers that are spreading DemonBot. Those servers are collectively executing more than 1 million exploits daily, the security firm said. “DemonBot is not limited to x86 Hadoop servers and is binary compatible with most known IoT devices, following the Mirai build principles,” it added.

Radware has been tracking attempts to exploit unauthenticated remote command execution in Hadoop YARN, which is being used to infect unsecured Hadoop clusters with the DemonBot malware. The exploits began ramping up in September and have since reached more than 1 million attempts per day during October.

The new exploit coincides with major disruptions in the Hadoop market, most notably the merger of Hadoop specialists Cloudera (NYSE: CLDR) and Hortonworks (NASDAQ: HDP). The merger has accelerated Hadoop’s push to the cloud, including greater support for Docker containers running on YARN in the latest version of Hadoop.

Both Cloudera and Hortonworks were working towards supporting Kubernetes cluster orchestrators with their Hadoop distributions before their merger announcement. The goal is to replace YARN with Kubernetes as a resource management framework for clusters. That move would presumably address the latest Hadoop security threat from DemonBot malware.


The post Latest Bot Targets Hadoop Clusters appeared first on Datanami.


Posted on: October 29, 2018
