A security vendor warns of a new, elusive, and serious threat. Aqua's research unit, Team Nautilus, has discovered a new, cutting-edge piece of malware from a new group dubbed 'HeadCrab'.
The malware infiltrates Redis database servers and from then on remains largely undetected, as it apparently cannot be detected by agentless and conventional antivirus solutions. The HeadCrab malware has been able to compromise a large number of Redis servers worldwide since September 2021 and has taken control of at least 1,200 servers to date.
Redis In-Memory Databases - Common and Vulnerable
Redis is an open-source in-memory data structure store that can be used as a database, cache or message broker. According to DB Engines, Redis is the most widely used key-value store, particularly because Redis is faster than relational databases such as MySQL for this purpose. Redis servers are vulnerable because they were originally designed to run on a secure, closed network rather than being exposed to the internet. That is why they don't have authentication enabled by default. This leaves Redis servers that are reachable from the internet vulnerable to unauthorized access and command execution.
Measures to protect against HeadCrab
Aqua Security has published a detailed blog post about HeadCrab. It explains the details of the HeadCrab attack, including the techniques the malware uses to remain undetected. Companies that use Redis servers can find detailed measures in the article that they can take to protect their systems.
More at Aquasec.com