Hadoop clusters are under siege by a recently discovered malware threat designed to take over cloud-based servers as a platform for launching distributed denial-of-service attacks. The malware dubbed DemonBot was reported in a blog post last week by datacenter cybersecurity vendor Radware.
The company said the malware targets misconfigured Hadoop YARN remote command execution to infect unsecured Hadoop clusters. Radware characterized DemonBot as “unsophisticated” in that it spreads only among central Hadoop servers and lacks the punch of the more pervasive Marai botnet that targeted Internet of Things and other connected devices. Radware previously uncovered a Marai variant called Brickerbot that corrupts device storage while reconfiguring kernel settings.
Author: George Leopold