Someone is roping Apache NiFi servers into a cryptomining botnet

2023-05-31 13:49

If you're running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else's behalf.

"Routers make bad cryptomining servers. Cryptomining may be what they end up doing if the lateral movement doesn't get them anywhere."

How many unsecured Apache NiFi instances are there?

"Due to its use as a data processing platform, NiFi servers often have access to business-critical data. NiFi presents an attractive target for anyone who wants to steal, modify or delete the data," he says.

SANS ISC has provided the malicious scripts and indicators that point to compromise: malicious cron jobs for persistence, odd processors in the NiFi configuration, IP addresses, and hashes of the scripts and the cryptominer.

In general Apache NiFi instances should not be internet-facing and access to them should be properly secured.

News URL

https://www.helpnetsecurity.com/2023/05/31/apache-nifi-cryptomining/

#apache #botnet #cryptomining #server

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apache		296	59	841	632	294	1826

News URL

Related news

Related vendor