Over 4,000 ElasticSearch Servers Found Hosting PoS Malware Files
The Kromtech Security Center has identified over 4,000 instances of ElasticSearch servers that are hosting files specific to two strains of POS (Point of Sale) malware — AlinaPOS and JackPOS.
Researchers discovered these exposed ElasticSearch servers last week during routine scans. Intrigued by their initial discovery, the Kromtech team used Shodan to identify more than 15,000 ElasticSearch instances that were left exposed online without any form of authentification.
Of these 15,000 servers, Kromtech says that over 4,000 are hosting files specific to the command and control (C&C) infrastructure of AlinaPOS and JackPOS.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise