Alibaba Cloud's Cloud Firewall has been able to defend against the REST API unauthorized access vulnerability of Hadoop YARN.
Hadoop is a distributed system framework developed by the Apache Software Foundation. It uses the well-known MapReduce algorithm to implement distributed processing. YARN serves as a resource management system for Hadoop clusters. Improper configuration of Hadoop YARN may lead to unauthorized access, which attackers can exploit. Without authentication, attackers can deploy tasks to run commands through a REST API, and ultimately gain full control over servers.
On October 25, 2018, Cloud Firewall detected a large number of attacks that exploited this vulnerability. Once the attack succeeds, the controlled servers access hxxps://bitbucket.org/*/raw/master/zz.sh to download malicious files for cryptocurrency mining.
Cloud Firewall has been able to defend against such attacks.
Event: REST API unauthorized access vulnerability of Hadoop YARN
Risk level: High