Bad guys find unprotected Elasticsearch servers exposed on the web faster than search engines can index them. A study found that threat actors are mainly going for cryptocurrency mining and credential theft.
For the duration of the experiment, a honeypot with a fake database recorded more than 150 unauthorized requests, the first one occurring less than 12 hours since being exposed.
Comparitech’s research team, led by Bob Diachenko, left the Elasticsearch server exposed on the internet from May 11 until May 22. In this period, the machine an average of 18 attacks every day.
Source: Bleeping Computer