
Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet
2022-09-21 13:38

An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner.

The SSH key is said to have been set on 15,526 out of 31,239 unauthenticated Redis servers, suggesting that the attack was attempted on "over 49% of known unauthenticated Redis servers on the internet."

A primary reason why this attack could fail is that the Redis service needs to be running with elevated permissions for the adversary to be able to write to the aforementioned cron directory.

"While most of these services require authentication, 11% do not," the company said, adding "Out of the total 39,405 unauthenticated Redis servers we observed, the potential data exposure is over 300 gigabytes."

Censys said it also found numerous instances of Redis services that have been misconfigured, noting that "Israel is one of the only regions where the number of misconfigured Redis servers outnumbers the properly configured ones."

To mitigate threats, users are advised to enable client authentication, configure Redis to listen only on internal-facing network interfaces, prevent abuse of the CONFIG command by renaming it to something unguessable, and configure firewalls to accept Redis connections only from trusted hosts.
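The following is an added example, not code from the article, Censys or the Redis project: a small Python audit that checks a redis.conf for the hardening steps listed above (authentication, interface binding, protected mode, CONFIG renamed) and a drift check for the write-anywhere technique the article describes, where a live instance's `dir`/`dbfilename` no longer match what the configuration file declares. Both configuration samples are constructed; the password and renamed command name are placeholders.

```python
"""Audit a redis.conf against the mitigations above and detect persistence drift."""
import re

# Constructed sample: an exposed, default-style configuration.
WEAK_CONF = """
# constructed sample redis.conf, deliberately exposed
bind 0.0.0.0
protected-mode no
port 6379
dir /var/lib/redis
dbfilename dump.rdb
"""

# Constructed sample: the same file after applying the mitigations.
HARDENED_CONF = """
bind 127.0.0.1 10.0.0.5
protected-mode yes
port 6379
requirepass "placeholder-strong-password"
rename-command CONFIG "cfg-9f3c2a1e"
dir /var/lib/redis
dbfilename dump.rdb
"""


def parse_conf(text):
    """Return (directive, args) pairs; directives lowercased, quoted args kept whole,
    comments and blank lines skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = re.findall(r'"[^"]*"|\S+', line)
        entries.append((tokens[0].lower(), [t.strip('"') for t in tokens[1:]]))
    return entries


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    entries = parse_conf(text)
    findings = []

    # No bind line at all means Redis listens on every interface.
    binds = [a for d, args in entries if d == "bind" for a in args]
    if not binds or any(b in ("0.0.0.0", "::", "*") for b in binds):
        findings.append("listens on all interfaces (bind)")

    if any(d == "protected-mode" and args[:1] == ["no"] for d, args in entries):
        findings.append("protected-mode disabled")

    has_pass = any(d == "requirepass" and args and args[0] for d, args in entries)
    has_acl = any(d in ("user", "aclfile") for d, args in entries)
    if not (has_pass or has_acl):
        findings.append("no client authentication (requirepass/ACL)")

    # rename-command CONFIG "" (disabled) also counts as mitigated.
    if not any(d == "rename-command" and args and args[0].upper() == "CONFIG"
               for d, args in entries):
        findings.append("CONFIG command not renamed or disabled")
    return findings


def declared(text, directive):
    """First value declared for a directive in redis.conf, or None."""
    for d, args in parse_conf(text):
        if d == directive and args:
            return args[0]
    return None


def persistence_drift(conf_text, runtime_dir, runtime_dbfilename):
    """True when live CONFIG GET dir/dbfilename values (passed in by the caller)
    no longer match redis.conf, e.g. dir pointed at a cron spool directory."""
    expected_dir = (declared(conf_text, "dir") or "").rstrip("/")
    return (runtime_dir.rstrip("/") != expected_dir
            or not runtime_dbfilename.endswith(".rdb"))


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "OK")
    # Constructed runtime snapshot of a tampered instance.
    print("drift:", persistence_drift(HARDENED_CONF, "/var/spool/cron", "root"))
```

Run it against a real redis.conf by reading the file into `audit()`; the drift check takes the values returned by `CONFIG GET dir` and `CONFIG GET dbfilename` on the live server, which is why renaming CONFIG in production should be paired with an operator-side alias for legitimate monitoring.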
