After scanning 72,000 publicly available Redis (REmote DIctionary Server) servers with attack keys garnered through honeypot traffic, Imperva today reported that 75% of the publicly available Redis servers were hosting the attacks registered in the honeypot.
Three-quarters of the servers contained malicious values, which Imperva said is an indication of infection, and more than two-thirds of the open Redis servers contained malicious keys. The honeypot data also revealed that those infected servers with “backup” keys were attacked from a medium-sized botnet (610 IPs) with 86% of the IPs located in China.
Nadav Avital, security research team leader at Imperva, wrote in a blog post today that the high percentage of infections was most likely because the servers are directly exposed to the internet. “However, this is highly unrecommended and creates huge security risks.”
Read more at InfoSecurityMagazine.