Redis, is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache. The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication.
The researcher Victor Zhu detailed a Redis unauthorized access vulnerability that could be exploited to compromise Redis instances exposed online.
“Under certain conditions, if Redis runs with the root account (or not even), attackers can write an SSH public key file to the root account, directly logging on to the victim server through SSH. This may allow hackers to gain server privileges, delete or steal data, or even lead to an encryption extortion, critically endangering normal business services.” reads the post published by Zhu on September 11, 2022.
Now researchers from Censys are warning of tens of thousands of unauthenticated Redis servers exposed on the internet that are under attack.
Threat actors are targeting these instances to install a cryptocurrency miner.
