For recent big data software vulnerabilities, botnets and coin mining are just the beginning

Advertisement


The phrase “with great power comes great responsibility” was excellent advice when Ben Parker said it to his nephew Peter, aka Spiderman. It is even more applicable to any organization using open source software to manage their big data analysis. This is especially true since, in 2018, significant vulnerabilities were identified and disclosed for both Hadoop and Spark, allowing unauthenticated remote code execution via their REST APIs.

Many enterprises have adopted big data processing components like Hadoop and Spark to handle valuable and sensitive data. It follows that unauthorized access to these systems has potential to do significant damage. The “DemonBot” network, a Linux-based botnet used for DDoS attacks, has substantially benefited from the exploitation of these vulnerabilities.

Advertisement