Internet Storm Center (ISC) experts from SANS found an ongoing operation to hunt for and infect Apache NiFi servers that have no password or other kind of security configured. The attackers want to set up a covert bitcoin miner on the servers and spread it to more systems within the company.
Apache NiFi is an application for real-time data processing and delivery. It enables users to streamline data flow between many sources and endpoints. According to the researchers, Apache NiFi servers frequently have access to sensitive company data and substantial computing resources, making them appealing to attackers.
How the Attack Was Carried Out
According to the findings, the attackers scan the Internet for Apache NiFi servers with open ports 8080 or 8443/TCP and make HTTP requests to the “/nifi” URL. If the server does not require authentication, they run a malicious script on it that is loaded into memory rather than being written to disk. The script performs numerous actions, including deleting the /var/log/syslog file, disabling the firewall, shutting down any competing bitcoin miners, and downloading and running the Kinsing malware from a remote server.
Kinsing is a well-known bitcoin miner whose operators exploited Oracle WebLogic Server vulnerabilities in their attacks last year. In rare situations, the attackers additionally launch a second script that gathers SSH keys from the compromised computer and attempts to log in to other systems inside the business.
The key indicator of this activity is the IP address “109.207.200.43”, from which the attacks and scans are carried out. “The attack is extremely simple if the NiFi server is not protected,” SANS ISC specialists warn. The advice is simple: administrators should check that their Apache NiFi servers are protected by a password or another security mechanism. Where such basic safeguards are absent, they need to be implemented.
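One way to carry out the check recommended above, as an added example that is not from the article or from SANS ISC: a small audit of `nifi.properties` that flags a plain-HTTP listener, over which NiFi performs no user authentication. The sample files are constructed, and the treatment of a blank host as "all interfaces" is an assumption noted in the code.

```python
# Added example (not from the article): flag nifi.properties settings that
# leave the NiFi UI and API reachable without authentication.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample files, not taken from a real host.
SAMPLE_OPEN = """\
nifi.web.http.host=
nifi.web.http.port=8080
nifi.web.https.host=
nifi.web.https.port=
nifi.security.user.login.identity.provider=
"""
SAMPLE_SECURED = """\
nifi.web.http.host=
nifi.web.http.port=
nifi.web.https.host=0.0.0.0
nifi.web.https.port=8443
nifi.security.user.login.identity.provider=single-user-provider
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_nifi(text):
    """Return a list of (severity, message) findings for one properties file."""
    p = parse_properties(text)
    findings = []
    http_port = p.get("nifi.web.http.port", "")
    https_port = p.get("nifi.web.https.port", "")
    if http_port:
        host = p.get("nifi.web.http.host", "")
        # Assumption: a blank host means the listener binds to every interface.
        severity = "WARN" if host in LOOPBACK else "CRITICAL"
        findings.append((severity, f"HTTP listener on {host or '*'}:{http_port}; "
                         "NiFi does not authenticate users over plain HTTP"))
    if https_port and not p.get("nifi.security.user.login.identity.provider"):
        findings.append(("INFO", f"HTTPS on port {https_port} has no login identity "
                         "provider; confirm client certificates or SSO are enforced"))
    return findings

if __name__ == "__main__":
    for name, sample in (("open", SAMPLE_OPEN), ("secured", SAMPLE_SECURED)):
        print(name, audit_nifi(sample) or "no findings")
```

A CRITICAL finding corresponds to the exposure described in the article: a server answering on port 8080 with no authentication in front of “/nifi”.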