The cloud-based distributed search engine Elasticsearch carries an exploitable vulnerability that attackers are using to compromise Amazon EC2 instances and launch DDoS attacks from them.
GREATRESPONDER.COM – Kurt Baumgartner, principal researcher at Kaspersky Security Research Labs, has reported that a wave of distributed denial of service (DDoS) attacks within cloud computing ecosystems stems from a vulnerability in the Elasticsearch software. The flaw lets cyber criminals compromise Amazon EC2 instances, and the compromised instances are then used to launch DDoS attacks against other cloud-hosted servers and services.
Describing the technical details, Baumgartner explained: “The attackers break into EC2 VMs by exploiting the CVE-2014-3120 vulnerability in Elasticsearch 1.1.x and then use a new variant of Linux DDoS Trojan Mayday – Backdoor.Linux.Mayday.g – to launch their attacks.” He added in his official blog post: “The [Mayday variants] in use on compromised EC2 instances oddly enough were flooding sites with UDP traffic only. The flow is strong enough that the DDoS victims were forced to move from their normal hosting operations IP addresses to those of an anti-DDoS solution.”
On the severity of the issue for servers running in cloud environments, Mr. Baumgartner noted: “The flow is also strong enough that Amazon is now notifying their customers, probably because of potential for unexpected accumulation of excessive resource charges for their customers. The situation is probably similar at other cloud providers.”
James Brown, director of solution architecture at Alert Logic, argues that the issue does not fall within Amazon's own responsibilities, because AWS operates under the Amazon Shared Security Model (ASSM), which makes the customer and the provider jointly responsible for applying the latest security patches and updates.
According to Mr. James Brown, “This is not an AWS issue; it is an issue for whoever administers those servers. With the shared security model that cloud platforms provide, it is vital that customers use tools like Intrusion Detection Systems, Vulnerability Detection, Web Application Firewalls and Log Management to build upon the security that their provider is giving them.”
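A defender-side check for the behaviour Baumgartner describes (compromised instances emitting UDP-only floods) and for the log-management advice Brown gives: this added example, which is not code from the article, Kaspersky or Alert Logic, scores constructed VPC-flow-log-style records and flags any source that pushes a high UDP packet rate at one destination with almost no replies coming back. The field layout, thresholds and sample addresses are assumptions.

```python
# Added example: flag EC2 instances whose outbound traffic looks like a UDP flood.
# Input is assumed to be VPC Flow Log v2 records (constructed sample below):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
from collections import defaultdict

SAMPLE_FLOWS = """\
2 123456789012 eni-0a1 10.0.1.20 203.0.113.9 40000 80 17 480000 614400000 1405000000 1405000060 ACCEPT OK
2 123456789012 eni-0a1 203.0.113.9 10.0.1.20 80 40000 17 3 240 1405000000 1405000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.20 198.51.100.5 52000 9200 6 40 8000 1405000000 1405000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.1.21 203.0.113.77 53012 53 17 20 2400 1405000000 1405000060 ACCEPT OK
2 123456789012 eni-0b2 203.0.113.77 10.0.1.21 53 53012 17 20 5200 1405000000 1405000060 ACCEPT OK
"""

UDP = 17  # IP protocol number for UDP

def parse_flows(text):
    """Parse v2 flow-log lines into dicts; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 14 or f[0] != "2":
            continue
        flows.append({"src": f[3], "dst": f[4], "proto": int(f[7]),
                      "packets": int(f[8]), "start": int(f[10]), "end": int(f[11])})
    return flows

def find_udp_floods(flows, min_pps=1000, max_reply_ratio=0.01):
    """Return {(src, dst): packets_per_second} for UDP src->dst pairs that
    exceed min_pps and receive at most max_reply_ratio of their packets back.
    Legitimate UDP (e.g. DNS) is roughly symmetric; a flood is one-way."""
    sent = defaultdict(int)                      # (src, dst) -> packets
    span = defaultdict(lambda: [None, None])     # (src, dst) -> [first, last]
    for fl in flows:
        if fl["proto"] != UDP:
            continue
        key = (fl["src"], fl["dst"])
        sent[key] += fl["packets"]
        s = span[key]
        s[0] = fl["start"] if s[0] is None else min(s[0], fl["start"])
        s[1] = fl["end"] if s[1] is None else max(s[1], fl["end"])
    floods = {}
    for (src, dst), pkts in sent.items():
        secs = max(1, span[(src, dst)][1] - span[(src, dst)][0])
        pps = pkts / secs
        if pps >= min_pps and sent.get((dst, src), 0) <= pkts * max_reply_ratio:
            floods[(src, dst)] = pps
    return floods

if __name__ == "__main__":
    for (src, dst), pps in find_udp_floods(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible UDP flood: {src} -> {dst} at {pps:.0f} pps")
```

Thresholds should be tuned to the instance's normal baseline; the DNS pair in the sample shows why the reply ratio matters more than raw UDP volume.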