Skip to main content

blog

False memories — chasing cryptominers through Redis.

| Author: Pepijn Vissers

TL;DR: secure your infrastructure. Open Redis servers are being abused by cybercriminals to store shell commands in your memory. Also, the underlying problem is not new.

1 — open mind

Chapter8 gathers cyber intelligence through several sources, some of which scan the internet for openly accessible services. You’d be surprised — unpleasantly I hope — by the amount of accessible and unsecured services on the net.

In this story, I’ll discuss the misuse of unsecured Redis servers in the Netherlands. Redis is “an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.” It is widely used, as can be seen in this post on Redis use cases.

The upside-down welcomes these open Redis-houses with great enthousiasm. They pose an opportunity to store stuff you don’t want in your own house. Digital contraband, as you will.

Want to read the entire blog? Click on the ''read more'' button.