Trend Micro’s security researchers discovered roughly 8,000 unsecured Redis instances that were exposed to anyone with an Internet connection.
Spread all over the world, the unsecured instances were found to lack Transport Layer Security (TLS) encryption and without any password protection. Some of these instances were even deployed in public clouds.
An open source, in-memory data structure store, Redis (Remote Dictionary Server) was designed for use within trusted environments. Thus, if left unsecured and Internet-accessible, Redis instances are prone to all kinds of abuse, including SQL injections, cross-site scripting attacks, and even remote code execution.
Moreover, cybercriminals able to connect to unsecured deployments can view, access, and modify stored data, and upload malicious files. Several years ago, the FairWare ransomware targeted over 18,000 unsecured Redis instances.
A protected mode configuration has existed since Redis 4.0, which was released in July 2017, and was also backported to Redis 3.2.0. This protection is automatically enabled when Redis is executed in default configuration without password protection.
When in this mode, Redis only replies to queries from loopback interfaces and sends an error message to other clients attempting to connect. However, admins might still ignore the message and manually bind all of the interfaces, or even disable the protected mode completely.
Redis is highly popular, with its official Docker Hub image registering more than 1 billion downloads to date, Trend Micro’s security researchers point out.
With the help of Shodan, a search engine for Internet-connected devices, the researchers identified over 8,000 unsecured Redis instances worldwide, some in public clouds such as AWS, Azure, and Google Cloud.
By default, Redis list ..
Support the originator by clicking the read the rest link below.
