Security News > 2020 > April > 8,000 Unprotected Redis Instances Accessible From Internet
Trend Micro's security researchers discovered roughly 8,000 unsecured Redis instances that were exposed to anyone with an Internet connection.
Several years ago, the FairWare ransomware targeted over 18,000 unsecured Redis instances.
A protected mode configuration has existed since Redis 4.0, which was released in July 2017, and was also backported to Redis 3.2.0.
With the help of Shodan, a search engine for Internet-connected devices, the researchers identified over 8,000 unsecured Redis instances worldwide, some in public clouds such as AWS, Azure, and Google Cloud.
To keep their Redis instances secure, admins should make sure that deployments are properly secured and that only authorized users have access to them, use TLS together with password authentication, keep an eye on the execution of commands, apply network segmentation when using containers, and avoid using Redis in the frontend development.