Another open source database has been targeted for attack. Only this time, paying the ransom isn't even an option. Instead, the perpetrators just destroy the database, sometimes leaving a nasty message before moving on. This makes these attacks a very odd subcategory of \u201cransomware.\u201d\nOnly weeks after the attacks began on MongoDB, the new attacks were reported by Fidelis Cybersecurity just last week. Fidelis is estimating that 8,000-10,000 installations worldwide might be affected.\nWhat is Hadoop?\nHadoop is a framework managed by the Apache Software Foundation that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It can scale up to thousands of systems -- providing an extreme level of availability. But, like MongoDB, its default security configuration leaves much responsibility to those implementing it.\nHelp for implementing and securing Hadoop is available at a number of sites such as these:\n\nImplementation guidance for Hadoop is available from SAS.\nGuidance on securing Hadoop from Securosis.\n\nUndoubtedly because of its ability to handle huge collections of data, it was named after an elephant -- actually a toy elephant. And that elephant still seems to be around.\nNature of the attacks\nIn one case, database directories were attacked and a single directory named \u201cNODATA4U_SECUREYOURSHIT\u201d was left in their place. The motivation for the attacks seems unclear except to cause problems for the targeted sites.\nThe reasons the attacks are working seem to be painfully familiar.\n\nMinimal security by default and implementors not taking the time to implement proper security -- access without authentication being a dominant problem\nMandatory exposure via the platform-as-a-service model\nA denial of access attack approach\n\nRefer to the details on ThreatGeek for more details.