July 26, 2024 at 02:30AM
Cybersecurity researchers have identified an ongoing campaign known as SeleniumGreed, targeting internet-exposed Selenium Grid services for illicit cryptocurrency mining. With the potential for remote command execution, cloud security firm Wiz urges proper protection measures, as misconfigured instances pose significant security risks. The threat actor’s identity remains unknown, emphasizing the need for immediate action to address the issue.
Key takeaways:
– There is an ongoing campaign targeting internet-exposed Selenium Grid services for illicit cryptocurrency mining, tracked by cloud security firm Wiz under the name SeleniumGreed.
– The campaign is believed to target older versions of Selenium (3.141.59 and prior) and may have been active since at least April 2023.
– The Selenium WebDriver API enables full interaction with the machine and, by default, authentication is not enabled, leading to potential misuse for malicious purposes.
– Selenium Grid, part of the Selenium automated testing framework, must be protected from external access using appropriate firewall permissions to prevent unauthorized access and potential security risks.
– The attack involves the threat actor targeting publicly exposed instances of Selenium Grid and making use of the WebDriver API to run Python code responsible for downloading and running an XMRig miner.
– It has been found that more than 30,000 instances are exposed to remote command execution in newer versions of Selenium, highlighting the need for urgent action to address the misconfiguration.
It’s clear that there are serious security implications surrounding Selenium Grid’s exposure to the internet, and organizations need to take immediate steps to address the misconfigurations and protect their systems. Furthermore, keeping updated on the latest cybersecurity developments is crucial for staying aware of potential threats and vulnerabilities.
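As an added example (not from the Wiz report or the Selenium project), a host-side check for the exposure described above: it parses `ss -H -ltn` output and flags Selenium Grid listeners that are not bound to loopback. Port 4444 (Selenium Grid's default) and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: Grid runs on its default port 4444; add any custom ports you use.
GRID_PORTS = {4444}

# Constructed sample of `ss -H -ltn` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 50 *:4444 *:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 50 [::1]:4444 [::]:*
LISTEN 0 50 10.0.0.5:4444 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)

def classify(host):
    """Describe how widely a listener is bound."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    if ipaddress.ip_address(host).is_loopback:
        return "loopback"
    return "specific-interface"

def audit(ss_output, ports=GRID_PORTS):
    """Return one finding per Grid listener; non-loopback binds need review."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        if port not in ports:
            continue
        scope = classify(host)
        findings.append({"bind": cols[3], "scope": scope,
                         "needs_review": scope != "loopback"})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_SS):
        print(f)
```

A listener flagged `needs_review` is only exposed if the firewall or security group in front of it also allows the port, so pair this with a review of those rules.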