Mirai Bot, best-known for exploiting IoT Devices has recently been attacking Linux Servers through the Hadoop YARN Vulnerability. Reportedly, many Linux servers are under threat of attack.
Hackers have been trying to hack Linux servers using around 225 binaries through which the hackers are making numerous attempts against the Hadoop YARN (Yet Another Resource Negotiator). Besides DDoS Attacks on the Linux servers, the Mirai Bot has also leveraged certain Monero mining software.
The Discovery
Mathew Bing from Netscout earlier unleashed his discovery pertaining to the numerous Hadoop YARN attacks and the course of events that followed. He stated that
“This is the first time we’ve seen non-IoT Mirai in the wild.”
He also added “at least a dozen of the samples we’ve examined are clearly variants of Mirai”
Mirai was earlier focussed on IoT devices such as webcams and routers, but now it seems to be attracted to the larger picture, thereby attacking Linux servers. These attacks would eventually lead to unauthorized access and result in a loss of data.
The Attack
If reports are to be believed, the first attack can be traced back to the first half of 2018. That attack was equipped with a series of commands designed to attack and manipulate that particular platform. Ever since, there have been a string of Hadoop YARN exploit attempts, with several thousand taking place every single day.
Presently, the Mirai variations continue to exploit the Hadoop YARN vulnerability at large. There are reportedly over 1000 servers that presently remain vulnerable to these Mirai Bot attacks. A majority of these attacks have reportedly originated from the United States, United Kingdom, Germany, and Italy.