P2P Self-Replicating Cloud Worm Targets Redis

Published: 23/11/2024   Category: security




Although not all Redis instances are vulnerable to the P2P worm variant, all of them can expect a compromise attempt, researchers warn.



Note: Article updated on 7-20-23 to add a statement from Redis.
Researchers have identified a cross-platform, Rust-based, peer-to-peer (P2P) worm that's targeting the Redis open-source database application; specifically, containers in the cloud.

A July 19 report from Palo Alto Networks Unit 42 gave the cloud worm an appropriate moniker: P2PInfect. The team suspects, due to its substantial command-and-control (C2) network and mentions of the word "miner," that it could be the first stage of a wider cryptomining operation.

While the Unit 42 team found more than 300,000 Redis systems online, not all are vulnerable to the P2PInfect worm — in fact, they found just 934 of those. The team said vulnerable Redis systems are unpatched against the Lua sandbox escape vulnerability tracked under CVE-2022-0543, which scores 10 out of 10 on the CVSS vulnerability-severity scale.

While the vulnerability was disclosed in 2022, its scope is not fully known at this point, the Unit 42 P2P cloud worm report explained. Additionally, the fact that P2PInfect exploits Redis servers running on both Linux and Windows operating systems makes it more scalable and potent than other worms.

The problem for the rest of the Redis user base is that Unit 42 analysts predict that every Redis system can expect threat actors to attempt a breach. And the worm can be modified with additional compromise tactics at any time, meaning that Redis instances that are not vulnerable now could become crackable in the future.

The P2P network appears to possess multiple C2 features, such as auto-updating, that would allow the controllers of the P2P network to push new payloads into the network that could alter and enhance the performance of any of the malicious operations, according to the report.

Unit 42 added that it will continue to track P2PInfect.

“We’ve previously seen other malware created to take advantage of CVE-2022-0543, a vulnerability created by how certain versions of Debian Linux package the Lua engine for open source Redis,” the company said in a statement provided to Dark Reading. “Redis Enterprise software bundles a hardened version of the Lua module which is not susceptible to this vulnerability. As such, customers running Redis Enterprise licensed software are not at risk from CVE-2022-0543 and P2PInfect. Users of open source Redis are encouraged to use official distributions available directly from redis.io.”
