Hackers Proxyjack & Cryptomine Selenium Grid Servers

September 12, 2024 at 06:09AM

Threat actors are targeting Internet-exposed Selenium Grid servers for cryptomining, proxyjacking, and potentially more malicious activities. With thousands of exposed servers, hackers have been deploying automated malware to hijack them. Furthermore, the lack of authentication and outdated versions of Selenium Grid servers pose a significant security risk. Improperly secured servers need to be protected with multifactor authentication and other measures.

There is a significant threat to Internet-exposed Selenium Grid servers. Threat actors are infecting these servers to use victims’ Internet bandwidth for cryptomining, proxyjacking, and potentially more malicious purposes.

Tens of thousands of Selenium Grid servers are exposed on the Internet today, and Cado Security recently launched a honeypot to gauge the threats facing these servers. The honeypot detected two primary threats: proxyjacking and a more significant attack involving a Linux privilege escalation bug and cryptomining.

The danger of these attacks is underscored by the fact that a large number of servers are publicly exposed, with many running outdated versions. The situation is exacerbated by the fact that Selenium Grid does not have any built-in authentication to prevent unauthorized access from external sources.

If Internet access is necessary, the recommendation is to deploy an appropriately configured authentication proxy server in front of the Selenium Grid application, enforcing multifactor authentication as well as usernames and passwords.
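One way to confirm that the authentication proxy is actually enforcing access on a Grid you operate, as an added example that is not from the article or from Cado Security: it requests the Grid status endpoint without credentials and classifies the answer. The status paths (`/status` for Grid 4, `/wd/hub/status` for Grid 3), the verdict labels and the function names are assumptions of this sketch.

```python
import json
import urllib.error
import urllib.request

# Assumed status paths: Selenium Grid 4 (/status) and Grid 3 (/wd/hub/status).
STATUS_PATHS = ("/status", "/wd/hub/status")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface 3xx as HTTPError instead of following it


def classify(status_code, body):
    """Classify one credential-free response from a Grid status path."""
    if status_code in (401, 403, 407):
        return "protected"         # the proxy demanded credentials
    if 300 <= status_code < 400:
        return "protected"         # redirected, typically to a login/SSO page
    if status_code == 200:
        try:
            doc = json.loads(body)
        except (ValueError, TypeError):
            return "inconclusive"  # 200 but not Grid JSON (e.g. an HTML login form)
        value = doc.get("value") if isinstance(doc, dict) else None
        if isinstance(value, dict) and "ready" in value:
            return "exposed"       # Grid answered an anonymous caller
    return "inconclusive"


def audit(base_url, timeout=5):
    """Probe a Grid URL you operate without credentials; the worst result wins."""
    opener = urllib.request.build_opener(_NoRedirect)
    results = []
    for path in STATUS_PATHS:
        try:
            with opener.open(base_url.rstrip("/") + path, timeout=timeout) as resp:
                results.append(classify(resp.status, resp.read(65536)))
        except urllib.error.HTTPError as err:
            results.append(classify(err.code, b""))
        except (urllib.error.URLError, OSError):
            results.append("unreachable")
    for verdict in ("exposed", "protected", "inconclusive"):
        if verdict in results:
            return verdict
    return "unreachable"


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    print(classify(200, b'{"value": {"ready": true, "nodes": []}}'))
    print(classify(401, b""))
```

Run `audit()` from a host outside the trusted network against each Grid in your inventory; any `exposed` verdict means the Grid is reachable without passing through the proxy.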

This information highlights the urgency of addressing the security vulnerabilities in Internet-exposed Selenium Grid servers and underscores the potential consequences of inaction.
