Another open source database has been targeted for attack. Only this time, paying the ransom isn’t even an option. Instead, the perpetrators just destroy the database, sometimes leaving a nasty message before moving on. This makes these attacks a very odd subcategory of “ransomware.” Only weeks after the attacks began on MongoDB, the new attacks were reported by Fidelis Cybersecurity just last week. Fidelis is estimating that 8,000-10,000 installations worldwide might be affected. What is Hadoop? Hadoop is a framework managed by the Apache Software Foundation that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It can scale up to thousands of systems — providing an extreme level of availability. But, like MongoDB, its default security configuration leaves much responsibility to those implementing it. Help for implementing and securing Hadoop is available at a number of sites such as these: Implementation guidance for Hadoop is available from SAS. Guidance on securing Hadoop from Securosis. Undoubtedly because of its ability to handle huge collections of data, it was named after an elephant — actually a toy elephant. And that elephant still seems to be around. Nature of the attacks In one case, database directories were attacked and a single directory named “NODATA4U_SECUREYOURSHIT” was left in their place. The motivation for the attacks seems unclear except to cause problems for the targeted sites. The reasons the attacks are working seem to be painfully familiar. Minimal security by default and implementors not taking the time to implement proper security — access without authentication being a dominant problem Mandatory exposure via the platform-as-a-service model A denial of access attack approach Refer to the details on ThreatGeek for more details. Related content opinion Are you winning the data intelligence game? Many organizations are collecting and hoarding all sorts of data but completely failing to extract any real value from it. Successful businesses are employing data analysis for a tangible competitive edge. By Rick Braddy Jul 30, 2018 6 mins Big Data Analytics Data Center news analysis IBM launches new availability zones worldwide for hybrid enterprise clouds The company is targeting businesses with complex workload requirements, adding 18 availability zones globally to its public cloud By Marc Ferranti Jun 11, 2018 5 mins Big Data Cloud Computing Data Center opinion In the IoT world, general-purpose databases can’t cut it The constant stream of IoT data must be collected, measured, and acted upon in real time. General-purpose databases can’t handle all of that time-series data, but the InfluxData Platform can. By Linda Musthaler Apr 16, 2018 7 mins Big Data Internet of Things Data Center news Intel FPGAs step toward mainstream in Dell, Fujitsu enterprise servers Acceleration cards target financial, data analysis workloads By Marc Ferranti Apr 11, 2018 5 mins CPUs and Processors Big Data Servers PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe