#HeadCrab bypass redis

2 messages · Page 1 of 1 (latest)

haughty kestrel Feb 4, 2024, 1:01 PM

I am not too comfortable with redis but I got an email from my security guy about this article https://www.aquasec.com/blog/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware

Is this a concern for server which has auth enabled ?

Aqua

HeadCrab: A Novel State-of-the-Art Redis Malware

Aqua Nautilus uncovers threat actor HeadCrab has created an advanced malicious Redis framework that has compromised over 1200 servers and how to protect yourself

woeful musk Feb 4, 2024, 1:47 PM

Two main things you can do to mitigate this is use auth so that you need a password. If you leave your Redis wide open, folks will mess with it. And then set ACLs to restrict the use of many Redis commands. In this particular case, the MODULE LOAD command which you should never need to run in production.

Details on ACLs are here: https://redis.io/docs/management/security/acl/

Redis

ACL

Redis Access Control List