
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers

Summary:
A new iteration of the Lucifer botnet has emerged, specifically aimed at organizations utilizing Apache Hadoop and Apache Druid big data technologies. The variant combines the insidious traits of cryptojacking and distributed denial of service capabilities, posing a significant threat to vulnerable systems. Researchers believe this resurgence signifies a testing phase before a broader onslaught, with more than 3,000 distinct attacks observed targeting these platforms in just the last month.

The campaign unfolds across three distinct phases, indicating a sophisticated approach by threat actors. Initially, attackers exploit misconfigurations in Apache Hadoop instances, leveraging vulnerabilities to execute arbitrary code and deploy the Lucifer malware. Subsequent phases witness a progression in tactics, including the deployment of multiple binaries to evade detection and a shift towards targeting Apache Druid hosts.

Security Officer Comments:
Notably, these attacks were observed through the deployment of honeypots, simulated systems designed to lure attackers and gather intelligence on their tactics and techniques. These findings underscore the importance of proactive security measures for organizations utilizing Apache big data technologies. Primarily, addressing common misconfigurations and ensuring up-to-date patching can mitigate the risk of falling victim to such malicious campaigns.

Suggested Corrections:
Promptly addressing common misconfigurations and ensuring up-to-date patching can mitigate the risk of falling victim to such malicious campaigns. Additionally, employing runtime detection and response solutions can help identify and thwart unknown threats, while maintaining vigilance regarding open-source libraries and code origins remains crucial in maintaining a secure data environment.

Link(s):
https://www.darkreading.com/cloud-security/lucifer-botnet-heat-apache-hadoop-servers