Apache Hadoop YARN’s misconfigurations used for crypto mining

Apache Hadoop YARN’s misconfigurations used for crypto mining

Apache Hadoop Yarn is a technology for cluster management. We also use this technology for executing. It is a part of the Hadoop framework and some recent analysis reports suggest that cybercriminals are trying to exploit the misconfiguration in the Apache Hadoop YARN.

To exploit the framework, the researchers observed that the cybercriminals deployed crypto-malware in the YARN service. The researchers said that this compromise in the Apache Hadoop YARN introduces a great amount of risk in security. The hackers steal credentials and information and to increase their rate of success, they attack as many systems as possible.

The tools and techniques used by the hackers to exploit the flaws in the service are-

  •       The vulnerable services get attacked by commands via an HTTP POST request. The YARN gets the command from the attacker and creates launch scripts.
  •       After execution of the scripts, remote scripts get downloaded which deploys Kinsing Malware.
  •       They also try to spot any kind of vulnerable services using the port scanning tool.

Conclusion-

The researchers suggest that the attacker’s main goal is to disable the protection systems offered by the cloud service. The cloud service provider does not have the sole duty of maintaining the security of the company. The companies that use such third-party systems should also set up, maintain, and upgrade their security systems to keep their data safe.

By IEMA IEMLabs

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.

Leave a comment

Your email address will not be published.

This site is under maintenance,
some features might not work!!!